
Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1637467
MD5:5b63b3a5d527ed5259811d2d46ecca58
SHA1:8382155b7c465dd216ea7f31fa10c7115f93f1c5
SHA256:17a3259df1b54d390acd9b338e0afd6a3ed926f294e494e07512efdb99bb99fb
Tags: exe, user-jstrosch
Infos:

Detection

Score:80
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Contains functionality to inject code into remote processes
Injects a PE file into a foreign process
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6272 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5B63B3A5D527ED5259811D2D46ECCA58)
    • file.exe (PID: 6584 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5B63B3A5D527ED5259811D2D46ECCA58)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-13T16:56:42.224610+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49682 | 104.21.112.1 | 443 | TCP
2025-03-13T16:56:48.236689+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49685 | 104.21.112.1 | 443 | TCP
2025-03-13T16:56:53.993843+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49688 | 104.21.64.1 | 443 | TCP
2025-03-13T16:56:59.513807+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49693 | 188.114.96.3 | 443 | TCP
2025-03-13T16:57:11.484017+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57954 | 188.114.96.3 | 443 | TCP
2025-03-13T16:57:20.057414+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57961 | 104.21.64.1 | 443 | TCP
2025-03-13T16:57:25.642451+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57965 | 104.21.48.1 | 443 | TCP
2025-03-13T16:57:31.224001+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57968 | 104.21.80.1 | 443 | TCP
2025-03-13T16:57:36.793806+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57971 | 104.21.112.1 | 443 | TCP
2025-03-13T16:57:41.295573+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57975 | 104.73.234.102 | 443 | TCP
2025-03-13T16:57:43.866370+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 57976 | 104.73.234.102 | 443 | TCP


AV Detection

Source: file.exeAvira: detected
Source: https://steamcommunity.coAvira URL Cloud: Label: phishing
Source: file.exeVirustotal: Detection: 49%
Source: file.exeReversingLabs: Detection: 57%
Source: Submitted SampleIntegrated Neural Analysis Model: Matched 96.6% probability
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: zfurrycomp.top/kFwo
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: crosshairc.life/dAnjhw
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: mrodularmall.top/aNzS
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: jowinjoinery.icu/bdWUa
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: legenassedk.top/bdpWO
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: htardwarehu.icu/Sbdsa
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: cjlaspcorne.icu/DbIps
Source: 00000000.00000002.910831575.0000000001371000.00000004.00000020.00020000.00000000.sdmpString decryptor: bugildbett.top/bAuz
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:57975 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:57976 version: TLS 1.2
Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A68ECE FindFirstFileExW,0_2_00A68ECE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A68F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00A68F7F
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A68ECE FindFirstFileExW,2_2_00A68ECE
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A68F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00A68F7F
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], CF91E6EAh2_2_0044A106
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edi+3E8E80E8h]2_2_0044D300
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [ecx], bx2_2_0044D300
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]2_2_0044D7F0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+18h]2_2_0040EFAE
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edi], cx2_2_00429840
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [00451018h]2_2_0040F066
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]2_2_00402800
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+00000104h]2_2_0041C833
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 1ED597A4h2_2_004480C0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 6D58C181h2_2_00421890
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-4926828Eh]2_2_00421890
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00410897
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx]2_2_00410897
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+04h]2_2_00413143
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]2_2_0044D950
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0D0EF488h]2_2_0042D92B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esi], FFFFFFFFh2_2_004019E0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+edx-51AE6CD0h]2_2_0044AA55
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 8B8A8924h2_2_0043F250
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+19DCC0F6h]2_2_00445250
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ebp+edi+00h]2_2_00445250
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ecx], dl2_2_00423A70
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], cl2_2_00423A70
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], C446A772h2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-4926821Eh]2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-4926821Eh]2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 656D2358h2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+70h]2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-49268212h]2_2_0041E21B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [eax]2_2_00448220
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h2_2_004292C0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6BB1A2B4h]2_2_004482E0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea ecx, dword ptr [eax+eax]2_2_00412AF8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea ecx, dword ptr [eax-40000000h]2_2_00412AF8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea edx, dword ptr [ecx+ecx]2_2_00412AF8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-000000FAh]2_2_00433A88
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [edi+ebx], 0000h2_2_0044C2A0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then push eax2_2_00449B7F
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+00000104h]2_2_0041C833
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+ecx+44h]2_2_00444300
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]2_2_0040A320
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]2_2_0040A320
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-000000FAh]2_2_00433A88
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+34h]2_2_00433330
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [esi], cl2_2_00436BE5
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], esi2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, ebx2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+68h]2_2_00437BB8
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ecx], dl2_2_00411C5F
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]2_2_00435C60
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+08h], ebx2_2_00445C70
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00410C1B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx]2_2_00410C1B
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+esi+5Ch]2_2_0042F430
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]2_2_00441480
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+49408C66h]2_2_00428CB0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]2_2_0044BD46
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl2_2_0041EDDC
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+6D3F2F7Eh]2_2_00420D90
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [eax]2_2_00448590
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+50h]2_2_004305B2
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]2_2_0041AE40
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], cl2_2_00438E42
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+10h], ecx2_2_00438E42
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, di2_2_0042FE40
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-1272D010h]2_2_0042FE40
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add eax, esi2_2_00437627
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [ebp+ecx+00h]2_2_0040CE30
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [eax+esi]2_2_0040CE30
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+10h], ecx2_2_00438E39
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebp, byte ptr [esp+ecx+0Ah]2_2_00445ED1
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]2_2_00445ED1
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]2_2_004236EB
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl2_2_004386EC
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00432F60
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+edx]2_2_00432F60
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00432F60
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax]2_2_0041AF00
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-4926828Ah]2_2_0041AF00
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+1A92C912h]2_2_0040C710
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-2Ah]2_2_0044C7D0
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+04h]2_2_00412FDB
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]2_2_00446790
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl2_2_0041EFAD
Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]2_2_00433FB0
Source: global trafficTCP traffic: 192.168.2.8:57952 -> 1.1.1.1:53
Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox ViewIP Address: 104.21.112.1 104.21.112.1
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57961 -> 104.21.64.1:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49682 -> 104.21.112.1:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49685 -> 104.21.112.1:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49688 -> 104.21.64.1:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49693 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57975 -> 104.73.234.102:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57968 -> 104.21.80.1:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57976 -> 104.73.234.102:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57971 -> 104.21.112.1:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57954 -> 188.114.96.3:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:57965 -> 104.21.48.1:443
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ ht equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1544894861.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.co equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=70588f281b3ca5b19c7b1ee6; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26244Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:57:44 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=7b11a90485460255568d3a0d; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26244Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:57:41 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: m/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1569965615.00000000015FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: tps://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: zfurrycomp.top
Source: global trafficDNS traffic detected: DNS query: crosshairc.life
Source: global trafficDNS traffic detected: DNS query: mrodularmall.top
Source: global trafficDNS traffic detected: DNS query: jowinjoinery.icu
Source: global trafficDNS traffic detected: DNS query: legenassedk.top
Source: global trafficDNS traffic detected: DNS query: htardwarehu.icu
Source: global trafficDNS traffic detected: DNS query: cjlaspcorne.icu
Source: global trafficDNS traffic detected: DNS query: bugildbett.top
Source: global trafficDNS traffic detected: DNS query: weaponrywo.digital
Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
Source: file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57960
Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57965 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:57975 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:57976 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043F410 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043FC48 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A231F0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A23640
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A258A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3E0A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A24080
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4D080
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A28090
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A30890
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A43890
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A51890
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A500D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3A820
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A39020
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4A020
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A21000
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3C010
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A53813
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4F060
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A26070
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A34040
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4F9B0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A36180
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3B1E0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A52920
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A49100
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A6C908
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A40110
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A53160
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2E170
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A24940
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3C940
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2EAA0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A49AB0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A22280
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A34290
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4F2E0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A352C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2F2D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A25220
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A29220
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A45220
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A46A00
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A48200
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A40A10
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A56A54
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A48A50
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3ABA0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A26390
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A33390
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A373F0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3F3D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2B300
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2C310
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3FB70
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A41370
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A28340
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4EB40
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A40350
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A254A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A26C80
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A36480
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A45480
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A52480
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A30490
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A53C90
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3CCE0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2E4C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A33CC0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A25C20
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A61420
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A5B41A
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A45C60
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A53477
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A22C40
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3EC40
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A48C40
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A48450
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A355B0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4EDB0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A29580
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4DD80
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A535C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4F5D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A27D30
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2F530
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2AD30
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A39500
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3D560
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A38540
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3DD50
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4FD50
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3C6A0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A4B680
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A32E90
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A48690
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A52E90
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A326F0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A51EF0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A37620
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A30E20
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A50620
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3B630
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A49630
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A24660
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A28640
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A36E40
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A37E50
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2B780
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A6E782
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A40F80
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A21790
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A36790
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A29FF0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A267D0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A39720
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A2E730
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A49F00
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A3FF70
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040BA50
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040E6D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040EFAE
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00401040
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041F065
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00417870
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041C833
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00427830
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00445830
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00449832
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004380C8
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004110F9
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00421890
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004378B8
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040D940
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00402140
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00426150
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00451150
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00439160
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00442168
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040B970
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00451170
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00424900
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042D92B
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0045113C
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040F9C0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004139D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043B9F9
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00412185
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00445250
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00429A70
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042020C
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00426A15
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004292C0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044CAE0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00412AF8
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00408A80
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044B280
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00431290
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00445AA0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004512AC
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004252B0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00402B50
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041C833
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00444300
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040C320
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040A320
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00416B81
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044B380
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042CBA0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004283A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00411C5F
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042D460
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00432407
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043F410
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042F430
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043DC31
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004384C3
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041BCC0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040D4D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004434DF
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041DCDF
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044B4F0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00410483
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042F489
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00424C90
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044BCB6
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00409540
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00443540
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043155F
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00425560
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00413D09
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040AD20
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043B536
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041EDDC
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00447DF0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044B580
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00420D90
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00407DA0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004305B2
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042FE40
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00433640
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00448650
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043C610
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044CE10
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00437627
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044B622
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040CE30
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00444ED0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00445ED1
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004326E0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004386EC
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00415EF9
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00430E93
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00410EAB
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0043E703
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0041AF00
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0040C710
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00436729
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0042D730
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00408FC0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_0044C7D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004047E2
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_004437A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A258A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3E0A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A24080
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4D080
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A28090
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A30890
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A43890
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A51890
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A500D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3A820
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A39020
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4A020
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A21000
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3C010
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A53813
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4F060
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A26070
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A34040
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4F9B0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A36180
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3B1E0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A231F0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A52920
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A49100
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A6C908
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A40110
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A53160
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2E170
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A24940
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3C940
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2EAA0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A49AB0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A22280
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A34290
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4F2E0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A352C0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2F2D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A25220
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A29220
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A45220
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A46A00
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A48200
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A40A10
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A56A54
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A48A50
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3ABA0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A26390
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A33390
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A373F0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3F3D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2B300
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2C310
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3FB70
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A41370
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A28340
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4EB40
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A40350
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A254A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A26C80
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A36480
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A45480
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A52480
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A30490
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A53C90
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3CCE0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2E4C0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A33CC0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A25C20
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A61420
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A5B41A
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A45C60
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A53477
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A22C40
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3EC40
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A48C40
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A48450
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A355B0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4EDB0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A29580
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4DD80
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A535C0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4F5D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A27D30
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2F530
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2AD30
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A39500
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3D560
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A38540
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3DD50
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4FD50
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3C6A0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A4B680
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A32E90
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A48690
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A52E90
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A326F0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A51EF0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A37620
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A30E20
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A50620
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3B630
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A49630
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A24660
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A28640
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A23640
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A36E40
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A37E50
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2B780
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A6E782
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A40F80
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A21790
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A36790
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A29FF0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A267D0
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A39720
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A2E730
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A49F00
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A3FF70
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00A5F1CC appears 46 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0041AEF0 appears 102 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00A64014 appears 34 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00A56F60 appears 102 times
Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0040B350 appears 52 times
Source: file.exe | Static PE information: invalid certificate
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe | Static PE information: Section: .bss ZLIB complexity 1.0003231990014265
Source: classification engine | Classification label: mal80.evad.winEXE@3/0@10/6
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00439160 CoCreateInstance
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe | Virustotal: Detection: 49%
Source: file.exe | ReversingLabs: Detection: 57%
Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A5711A push ecx; ret 0_2_00A5712D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AD8FF1 push es; iretd 0_2_00AD8FF2
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044F34E push ds; iretd 2_2_0044F350
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004513DA push edx; retf 2_2_004513FE
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00451648 pushad ; retf 2_2_00451689
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004517FC push ebx; ret 2_2_00451803
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A5711A push ecx; ret 2_2_00A5712D
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00AD8FF1 push es; iretd 2_2_00AD8FF2
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.5 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A68ECE FindFirstFileExW,0_2_00A68ECE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A68F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00A68F7F
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A68ECE FindFirstFileExW,2_2_00A68ECE
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A68F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00A68F7F
Source: file.exe, 00000002.00000003.1570294339.0000000001562000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571263767.0000000001562000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8]Z
Source: file.exe, 00000002.00000002.1571345083.0000000001598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570241410.0000000001598000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00449B30 LdrInitializeThunk,2_2_00449B30
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A56DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A56DE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A7F1B4 mov edi, dword ptr fs:[00000030h]0_2_00A7F1B4
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A6490C GetProcessHeap,0_2_00A6490C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A56A2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A56A2C
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A56DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A56DE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A56DDC SetUnhandledExceptionFilter,0_2_00A56DDC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A5EF1E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A5EF1E
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A56A2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00A56A2C
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A56DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00A56DE8
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A56DDC SetUnhandledExceptionFilter,2_2_00A56DDC
Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00A5EF1E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00A5EF1E

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A7F1B4 GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, CreateProcessW, CreateProcessW, VirtualAlloc, VirtualAlloc, GetThreadContext, Wow64GetThreadContext, ReadProcessMemory, ReadProcessMemory, VirtualAllocEx, VirtualAllocEx, GetProcAddress, WriteProcessMemory, WriteProcessMemory, WriteProcessMemory, WriteProcessMemory, WriteProcessMemory, WriteProcessMemory, SetThreadContext, Wow64SetThreadContext, ResumeThread, ResumeThread
Source: C:\Users\user\Desktop\file.exe | Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A688AB EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A688F6 GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A6899D GetLocaleInfoW, GetLocaleInfoW, GetACP
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A641F7 EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A68AA3 GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A68238 GetUserDefaultLCID, IsValidCodePage, IsValidLocale, GetLocaleInfoW, GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A68489 EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A63CFC GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A68524 GetLocaleInfoW, GetLocaleInfoW, GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A687D6 GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A68777 EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A688AB EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A688F6 GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A6899D GetLocaleInfoW, GetLocaleInfoW, GetACP
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A641F7 EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A68AA3 GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A68238 GetUserDefaultLCID, IsValidCodePage, IsValidLocale, GetLocaleInfoW, GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A68489 EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A63CFC GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A68524 GetLocaleInfoW, GetLocaleInfoW, GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A687D6 GetLocaleInfoW
Source: C:\Users\user\Desktop\file.exe | Code function: 2_2_00A68777 EnumSystemLocalesW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A57827 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (techniques listed per tactic in column order; a leading number is the count shown in the report for that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: 211 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: 211 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: 1 System Time Discovery; 21 Security Software Discovery; 1 File and Directory Discovery; 13 System Information Discovery; Internet Connection Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: 1 Screen Capture; 1 Archive Collected Data; 2 Clipboard Data; Input Capture; Keylogging
Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
Source | Detection | Scanner | Label
file.exe | 49% | Virustotal |
file.exe | 58% | ReversingLabs | Win32.Exploit.Generic
file.exe | 100% | Avira | TR/Kryptik.jihlg
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://steamcommunity.co | 100% | Avira URL Cloud | phishing
Name | IP | Active | Malicious | Antivirus Detection | Reputation
zfurrycomp.top | 104.21.112.1 | true | false | | high
steamcommunity.com | 104.73.234.102 | true | false | | high
jowinjoinery.icu | 188.114.96.3 | true | false | | high
weaponrywo.digital | 104.21.112.1 | true | false | | unknown
legenassedk.top | 188.114.96.3 | true | false | | high
htardwarehu.icu | 104.21.64.1 | true | false | | high
bugildbett.top | 104.21.80.1 | true | false | | high
crosshairc.life | 104.21.112.1 | true | false | | high
mrodularmall.top | 104.21.64.1 | true | false | | high
cjlaspcorne.icu | 104.21.48.1 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://steamcommunity.com/profiles/76561199822375128 | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://steamcommunity.com/my/wishlist/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://player.vimeo.com | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/2 | file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe& | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamloopback.host | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/?subsection=broadcasts | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://help.steampowered.com/en/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/market/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/news/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/subscriber_agreement/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://store.steampowered.com/subscriber_agreement/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://recaptcha.net/recaptcha/; | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.co | file.exe, 00000002.00000003.1544894861.00000000015C4000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
https://steamcommunity.com/profiles/76561199822375128b | file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.valvesoftware.com/legal.htm | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/discussions/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xC | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128 | file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/stats/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://medal.tv | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://broadcast.st.dl.eccdnx.com | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/steam_refunds/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199822375128q | file.exe, 00000002.00000003.1570099768.0000000001575000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571263767.0000000001575000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&a | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/workshop/ | file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://login.steampowered.com/ | file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://store.steampowered.com/legal/file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://community.fastly.steamstatic.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=englifile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://steam.tv/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://store.steampowered.com/privacy_agreement/file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://store.steampowered.com/points/shop/file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://recaptcha.netfile.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://store.steampowered.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://steamcommunity.comfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://sketchfab.comfile.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://lv.queniujq.cnfile.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.youtube.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://127.0.0.1:27060file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/privacy_agreement/file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.google.com/recaptcha/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://checkout.steampowered.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://help.steampowered.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://api.steampowered.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://store.steampowered.com/account/cookiepreferences/file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=jfdbROVefile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://store.steampowered.com/mobilefile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://steamcommunity.com/file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCoufile.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://steamcommunity.com/zfile.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://store.steampowered.com/;file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1570045014.00000000015C2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571425018.00000000015C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/about/file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&lfile.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1544857509.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.00000000015FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://steamcommunity.com/yfile.exe, 00000002.00000003.1570099768.0000000001575000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1571263767.0000000001575000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.48.1 | cjlaspcorne.icu | United States | 13335 | CLOUDFLARENETUS | false
104.21.112.1 | zfurrycomp.top | United States | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | jowinjoinery.icu | European Union | 13335 | CLOUDFLARENETUS | false
104.21.64.1 | htardwarehu.icu | United States | 13335 | CLOUDFLARENETUS | false
104.73.234.102 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
104.21.80.1 | bugildbett.top | United States | 13335 | CLOUDFLARENETUS | false
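The two tables above carry different evidence: the URL rows are strings recovered from the process's memory dumps (the `.sdmp` sources), most of which look like assets of the steamcommunity.com page the sample fetched, while the IP table lists the hosts the process actually resolved during the run. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses both tables in the flattened form the extracted report prints them, and separates hosts that were resolved from hosts that only appear as strings in memory. The sample rows are copied verbatim from the tables above (constructed input, nothing is fetched); the regexes, the `triage` helper and the decision to treat the dump identifiers as opaque strings are this example's own assumptions.

```python
"""Turn the flattened URL and IP tables of a Joe Sandbox report into IOC records.

Added example, not part of the Joe Sandbox report. Sample rows are copied
from the report text (constructed input); the regexes and triage() are this
example's own and treat ".sdmp" dump identifiers as opaque strings.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# URL table as extracted: <url><dump sources><true|false> on one line, reputation on the next.
URL_TABLE_TEXT = """\
https://steamcommunity.com/workshop/file.exe, 00000002.00000003.1544857509.0000000001600000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.000000000160D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1569965615.0000000001604000.00000004.00000020.00020000.00000000.sdmpfalse
high
https://lv.queniujq.cnfile.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
high
http://127.0.0.1:27060file.exe, 00000002.00000003.1544894861.00000000015BC000.00000004.00000020.00020000.00000000.sdmpfalse
high
"""

# IP table as extracted: three lines per row (ip / domain+country / asn+name+malicious).
IP_TABLE_TEXT = """\
104.21.48.1
cjlaspcorne.icuUnited States
13335CLOUDFLARENETUSfalse
104.73.234.102
steamcommunity.comUnited States
16625AKAMAI-ASUSfalse
"""

# One dump reference: "file.exe, <dot-separated hex fields>.sdmp"
DUMP = r"file\.exe, [0-9A-F]+(?:\.[0-9A-F]+)*\.sdmp"
DUMP_RE = re.compile(DUMP)
URL_ROW_RE = re.compile(rf"^(?P<url>.+?)(?P<src>{DUMP}(?:, {DUMP})*)(?P<mal>true|false)$")
# Domain is lower-case, the country name that was glued on starts with a capital.
DOMAIN_RE = re.compile(r"^(?P<domain>[a-z0-9.-]+)(?P<country>[A-Z].*)$")
ASN_RE = re.compile(r"^(?P<asn>\d+)(?P<name>.+?)(?P<mal>true|false)$")


@dataclass
class UrlHit:
    url: str
    dumps: list[str]      # opaque .sdmp identifiers the string was found in
    malicious: bool
    reputation: str


@dataclass
class Contact:
    ip: str
    domain: str
    country: str
    asn: int
    asn_name: str
    malicious: bool


def parse_url_table(text: str) -> list[UrlHit]:
    """Each record is two lines: URL+sources+flag, then the reputation word."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hits = []
    for row, reputation in zip(lines[0::2], lines[1::2]):
        m = URL_ROW_RE.match(row)
        if not m:
            raise ValueError(f"unrecognised URL row: {row[:60]!r}")
        dumps = [d.split(", ", 1)[1] for d in DUMP_RE.findall(m["src"])]
        hits.append(UrlHit(m["url"], dumps, m["mal"] == "true", reputation))
    return hits


def parse_ip_table(text: str) -> list[Contact]:
    """Each record is three lines: IP, domain+country, ASN+name+flag."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("IP table is not a multiple of three lines")
    contacts = []
    for ip, dom_line, asn_line in zip(lines[0::3], lines[1::3], lines[2::3]):
        d, a = DOMAIN_RE.match(dom_line), ASN_RE.match(asn_line)
        if not (d and a):
            raise ValueError(f"unrecognised IP row: {ip} / {dom_line} / {asn_line}")
        contacts.append(Contact(ip, d["domain"], d["country"], int(a["asn"]),
                                a["name"], a["mal"] == "true"))
    return contacts


def host_of(url: str) -> str:
    """Host part of a memory string; a trailing ';' is residue of the original buffer."""
    return urlsplit(url.rstrip(";")).hostname or ""


def triage(hits: list[UrlHit], contacts: list[Contact]) -> dict:
    """Split resolved hosts from memory-only strings and group contacts by ASN."""
    resolved = sorted({c.domain for c in contacts})
    memory_only = sorted({host_of(h.url) for h in hits} - set(resolved) - {""})
    flagged = sorted({c.domain for c in contacts if c.malicious}
                     | {h.url for h in hits if h.malicious})
    by_asn: dict[int, list[str]] = {}
    for c in contacts:
        by_asn.setdefault(c.asn, []).append(c.domain)
    return {"resolved": resolved, "memory_only": memory_only, "flagged": flagged,
            "by_asn": {asn: sorted(doms) for asn, doms in by_asn.items()}}


if __name__ == "__main__":
    summary = triage(parse_url_table(URL_TABLE_TEXT), parse_ip_table(IP_TABLE_TEXT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the full tables, the `resolved` list is the set to pivot on first (all but steamcommunity.com are .icu/.top names behind Cloudflare in this run), while `memory_only` entries such as www.youtube.com or recaptcha.net are worth checking against the fetched page before they are treated as contacted infrastructure. The report's own Malicious column is kept as a separate `flagged` list so that a verdict is never inferred from TLD alone.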
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637467
Start date and time:2025-03-13 16:55:40 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 42s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal80.evad.winEXE@3/0@10/6
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 94%
                                                                                                                                                                                    • Number of executed functions: 30
                                                                                                                                                                                    • Number of non-executed functions: 183
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 172.202.163.200, 23.60.203.209
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    No simulations
IP matches (other analyses that contacted the same IP):

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
104.21.48.1 | 345623.bat | Get hash | malicious | DBatLoader, FormBook | Browse | www.shlomi.app/9rzh/
104.21.48.1 | ySUB97Jq80.exe | Get hash | malicious | FormBook, GuLoader | Browse | www.shlomi.app/9rzh/
104.21.48.1 | hQaXUS5gt0.exe | Get hash | malicious | FormBook | Browse | www.newanthoperso.shop/3nis/
104.21.48.1 | 6nA8ZygZLP.exe | Get hash | malicious | FormBook | Browse | www.rbopisalive.cyou/2dxw/
104.21.48.1 | UhuGtHUgHf.exe | Get hash | malicious | FormBook | Browse | www.enoughmoney.online/z9gb/
104.21.48.1 | Bill_of_Lading_20250307_pdf.bat.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/sccc/five/fre.php
104.21.48.1 | Stormwater Works Drawings Spec.js | Get hash | malicious | FormBook | Browse | www.lucynoel6465.shop/jgkl/
104.21.48.1 | Shipment Delivery No DE0093002-PDF.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/tking3/five/fre.php
104.21.48.1 | Remittance_CT022024.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/fix/five/fre.php
104.21.48.1 | http://microsoft-sharepoint4543464633.pages.dev/index-2jc93/ | Get hash | malicious | HTMLPhisher | Browse | microsoft-sharepoint4543464633.pages.dev/index-2jc93/
104.21.112.1 | CQDNwLUdY4.exe | Get hash | malicious | FormBook | Browse | www.rbopisalive.cyou/2dxw/
104.21.112.1 | sY8Sfsplzf.exe | Get hash | malicious | FormBook | Browse | www.enoughmoney.online/z9gb/?TF-P7=zR3cIyonFbUCfX4wpKNWKHtg5/zg1+YcnXRNJ+yYPjA6661hsBw23FkDfEgtp7rlWUxdaFu+U4x0i75BG7d41DR1Eot6cYC6DrNKmQYa+SmymwWTrA==&Pv5=thT0rvC
104.21.112.1 | gbdXRnNKkm.exe | Get hash | malicious | FormBook | Browse | www.rbopisalive.cyou/a669/
104.21.112.1 | JOB NO. AIQ8478.bat.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/sccc/five/fre.php
104.21.112.1 | jzqc1V4NqB.exe | Get hash | malicious | FormBook | Browse | www.rbopisalive.cyou/a669/?WBuDj=rwARXV5iz9NY7lD2nse3mpYvX8mI8lq4kwoE5vm7VO31wBaqesAJuHozl9YZ6Ede+IkifZaE/LHkIUXetab9qlITGUdXxZLx5IMa8uxv5i9osOS22A==&Jzwht=FNiD
104.21.112.1 | CP07E1clp1.exe | Get hash | malicious | FormBook | Browse | www.fz977.xyz/406r/
104.21.112.1 | 2Stejb80vJ.exe | Get hash | malicious | FormBook | Browse | www.askvtwv8.top/uztg/
104.21.112.1 | Shipment_Docus_COSCO_20250307_35405649_pdf.bat.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/sccc/five/fre.php
104.21.112.1 | ORDER-000291-XLSX.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/tking3/five/fre.php
104.21.112.1 | Quotation_Order_Request_pdf.bat.exe | Get hash | malicious | Lokibot | Browse | touxzw.ir/sccc/five/fre.php
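The match tables in this report are correlation data, not attribution: the two IP rows link the sample to FormBook, Lokibot and an HTML phishing kit, while the domain rows that follow point consistently at LummaC Stealer. The difference is that 104.21.x.x and 188.114.96.x/97.x sit in Cloudflare's address space, so an IP hit there is shared with every other Cloudflare-fronted tenant, and steamcommunity.com is a legitimate domain that stealers are known to contact for dead-drop lookups. The script below is an added example by the editor, not part of the Joe Sandbox report or of Joe Sandbox's own logic; it weighs each pivot by that criterion and tallies threat labels only from indicators that are safe to act on. The rows are transcribed from the report's tables; the CDN prefixes, the legitimate-domain list and the scoring rules are the editor's assumptions. The report itself labels this sample only MAL, so the tally is a triage hint, not a family verdict.

```python
"""Weigh the infrastructure pivots in a sandbox 'similar samples' table.

Added example by the editor; it is not part of the Joe Sandbox report or of
Joe Sandbox itself. MATCHES is transcribed from the report's match tables,
the CDN prefixes and the legitimate-domain list are the editor's assumptions,
and the scoring rules are a starting heuristic, not a Joe Sandbox feature.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumption: address space of large reverse-proxy/CDN providers. Thousands of
# unrelated tenants share these IPs, so an IP match here is not attribution.
SHARED_INFRA = [ipaddress.ip_network(p) for p in (
    "104.16.0.0/13",    # Cloudflare (covers the 104.21.x.x hits in the report)
    "188.114.96.0/20",  # Cloudflare (covers 188.114.96.3 / 188.114.97.3)
    "23.192.0.0/11",    # Akamai (covers 23.197.127.21)
    "104.64.0.0/10",    # Akamai (covers 104.73.234.102)
)]

# Assumption: legitimate, high-traffic domains that malware contacts for
# dead-drop lookups or decoys; a match on them is not a blocklist candidate.
KNOWN_LEGIT_DOMAINS = {"steamcommunity.com"}


@dataclass(frozen=True)
class Match:
    indicator: str  # IP or domain this sample shares with another analysis
    sample: str     # the other analysis' sample name
    threat: str     # its threat label; "Unknown" when the sandbox had none
    context: str    # the URL or IP that linked the two analyses


# Constructed from the report's match tables (a subset of the rows).
MATCHES = [
    Match("104.21.48.1", "345623.bat", "DBatLoader, FormBook", "www.shlomi.app/9rzh/"),
    Match("104.21.48.1", "Bill_of_Lading_20250307_pdf.bat.exe", "Lokibot", "touxzw.ir/sccc/five/fre.php"),
    Match("104.21.48.1", "http://microsoft-sharepoint4543464633.pages.dev/index-2jc93/", "HTMLPhisher",
          "microsoft-sharepoint4543464633.pages.dev/index-2jc93/"),
    Match("104.21.112.1", "CQDNwLUdY4.exe", "FormBook", "www.rbopisalive.cyou/2dxw/"),
    Match("htardwarehu.icu", "file.exe", "Unknown", "104.21.16.1"),
    Match("htardwarehu.icu", "nvtoaldlrg.exe", "LummaC Stealer", "104.21.48.1"),
    Match("htardwarehu.icu", "ModMenu.exe", "LummaC Stealer", "104.21.48.1"),
    Match("zfurrycomp.top", "wJWNpO6lcm.exe", "Amadey, GCleaner, LummaC Stealer", "104.21.112.1"),
    Match("zfurrycomp.top", "random.exe", "LummaC Stealer", "104.21.80.1"),
    Match("steamcommunity.com", "file.exe", "LummaC Stealer", "23.197.127.21"),
    Match("steamcommunity.com", "script5.ps1", "LummaC Stealer", "23.197.127.21"),
    Match("legenassedk.top", "file.exe", "LummaC Stealer", "188.114.97.3"),
]


@dataclass(frozen=True)
class Pivot:
    kind: str          # "ip", "shared-infra", "domain" or "legit-domain"
    families: tuple    # distinct threat labels across the matched analyses
    analyses: int      # how many other analyses share the indicator
    actionable: bool   # safe to block or hunt on the indicator itself?


def classify(indicator: str) -> str:
    """Bucket an indicator by how much it can be trusted as a pivot."""
    try:
        ip = ipaddress.ip_address(indicator)
    except ValueError:
        return "legit-domain" if indicator.lower() in KNOWN_LEGIT_DOMAINS else "domain"
    return "shared-infra" if any(ip in net for net in SHARED_INFRA) else "ip"


def families_of(threat: str) -> list:
    """Split a label like 'Amadey, GCleaner, LummaC Stealer' into family names."""
    return [f.strip() for f in threat.split(",") if f.strip() and f.strip() != "Unknown"]


def pivot_report(matches) -> dict:
    """Group rows by indicator and decide which indicators are worth acting on."""
    grouped = defaultdict(list)
    for m in matches:
        grouped[m.indicator].append(m)
    report = {}
    for indicator, rows in grouped.items():
        kind = classify(indicator)
        fams = sorted({f for r in rows for f in families_of(r.threat)})
        report[indicator] = Pivot(kind, tuple(fams), len(rows),
                                  actionable=kind in ("ip", "domain"))
    return report


def family_votes(report: dict, matches) -> Counter:
    """Tally threat labels only from actionable indicators, one vote per analysis."""
    votes = Counter()
    for m in matches:
        if report[m.indicator].actionable:
            votes.update(families_of(m.threat))
    return votes


if __name__ == "__main__":
    rep = pivot_report(MATCHES)
    for ind, p in rep.items():
        flag = "ACTIONABLE" if p.actionable else "weak"
        print(f"{ind:22} {p.kind:13} {flag:10} {p.analyses} analyses  {', '.join(p.families) or '-'}")
    print("family votes from actionable pivots:", family_votes(rep, MATCHES).most_common())
```

Run as-is it marks both 104.21.x.x entries and steamcommunity.com as weak pivots and leaves htardwarehu.icu, zfurrycomp.top and legenassedk.top as the indicators worth blocking or hunting on; the FormBook and Lokibot labels drop out of the tally entirely because they only arrive through the shared Cloudflare IP. Refresh the CDN prefixes from current WHOIS/BGP data before relying on them, and extend KNOWN_LEGIT_DOMAINS with whatever dead-drop hosts your own telemetry shows.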
Domain matches (other analyses that contacted the same domain; Context is the IP it resolved to there):

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
htardwarehu.icu | file.exe | Get hash | malicious | Unknown | Browse | 104.21.16.1
htardwarehu.icu | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.64.1
htardwarehu.icu | nvtoaldlrg.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.48.1
htardwarehu.icu | nyojpsdfkawed.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.48.1
htardwarehu.icu | L0erlgyZ6f.exe | Get hash | malicious | Amadey, LummaC Stealer | Browse | 104.21.16.1
htardwarehu.icu | ModMenu.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.48.1
htardwarehu.icu | SpaceCheatFort.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.112.1
htardwarehu.icu | noypjksdaw.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.80.1
htardwarehu.icu | x1D44JHWDf.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.48.1
htardwarehu.icu | dawothjkjad.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.32.1
zfurrycomp.top | wJWNpO6lcm.exe | Get hash | malicious | Amadey, GCleaner, LummaC Stealer | Browse | 104.21.112.1
zfurrycomp.top | OjM4NF84XM.exe | Get hash | malicious | Amadey, GCleaner, LummaC Stealer | Browse | 104.21.64.1
zfurrycomp.top | random.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.80.1
zfurrycomp.top | AaxpYFDQ32.exe | Get hash | malicious | Amadey, Credential Flusher, GCleaner, LummaC Stealer, Stealc | Browse | 104.21.16.1
weaponrywo.digital | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.32.1
weaponrywo.digital | ModMenu.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.112.1
jowinjoinery.icu | file.exe | Get hash | malicious | Unknown | Browse | 188.114.97.3
jowinjoinery.icu | file.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
jowinjoinery.icu | file.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
jowinjoinery.icu | nvtoaldlrg.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
jowinjoinery.icu | kmtsefjtjha.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
jowinjoinery.icu | CheatInjector.exe1.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.96.3
jowinjoinery.icu | L0erlgyZ6f.exe | Get hash | malicious | Amadey, LummaC Stealer | Browse | 188.114.97.3
jowinjoinery.icu | 13s1HMkHKv.exe | Get hash | malicious | Amadey, DarkVision Rat, Fallen Miner, LummaC Stealer | Browse | 188.114.96.3
jowinjoinery.icu | ModMenu.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
jowinjoinery.icu | SpaceCheatFort.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.96.3
steamcommunity.com | file.exe | Get hash | malicious | LummaC Stealer | Browse | 23.197.127.21
steamcommunity.com | file.exe | Get hash | malicious | Unknown | Browse | 104.73.234.102
steamcommunity.com | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.73.234.102
steamcommunity.com | file.exe | Get hash | malicious | LummaC Stealer | Browse | 23.197.127.21
steamcommunity.com | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.73.234.102
steamcommunity.com | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.73.234.102
steamcommunity.com | nvtoaldlrg.exe | Get hash | malicious | LummaC Stealer | Browse | 104.73.234.102
steamcommunity.com | script5.ps1 | Get hash | malicious | LummaC Stealer | Browse | 23.197.127.21
steamcommunity.com | https://stearncommmunity.com/profiles/52829086342741 | Get hash | malicious | Unknown | Browse | 23.197.127.21
steamcommunity.com | https://sceanmcommnunmnlty.com/xroea/spwoe/zxiwe | Get hash | malicious | Unknown | Browse | 104.73.234.102
legenassedk.top | file.exe | Get hash | malicious | Unknown | Browse | 188.114.97.3
legenassedk.top | file.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
legenassedk.top | nvtoaldlrg.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.96.3
legenassedk.top | L0erlgyZ6f.exe | Get hash | malicious | Amadey, LummaC Stealer | Browse | 188.114.97.3
legenassedk.top | ModMenu.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.97.3
legenassedk.top | SpaceCheatFort.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.96.3
legenassedk.top | noypjksdaw.exe | Get hash | malicious | LummaC Stealer | Browse | 188.114.96.3
legenassedk.top | x1D44JHWDf.exe | Get hash | malicious | LummaC Stealer | Browse |
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                    CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.64.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.16.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                    • 104.20.3.235
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                    • 104.21.96.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.64.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.16.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                    • 104.20.3.235
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                    • 104.21.96.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    AKAMAI-ASUSfile.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    http://app.plangrid.com/projects/bcb97291-5564-5612-9970-d1b139dcb62d/staple/b1fc2804-67d4-470e-9780-d2d4344b3b93Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 23.192.228.80
                                                                                                                                                                                    Peo Retention Memo Reff No2.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 23.217.172.185
                                                                                                                                                                                    nvtoaldlrg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    7ZSfxMod_x86.exeGet hashmaliciousGamaredon, UltraVNCBrowse
                                                                                                                                                                                    • 2.19.105.127
                                                                                                                                                                                    http://observalgerie.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                    • 23.57.19.78
                                                                                                                                                                                    https://scuddlecakevgzg.cfd/d7p96sGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 2.19.105.89
                                                                                                                                                                                    CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.64.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.16.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                    • 104.20.3.235
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                    • 104.21.96.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.64.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.21.16.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                    • 104.20.3.235
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.97.3
                                                                                                                                                                                    file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                    • 104.21.96.1
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 188.114.96.3
                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    • 104.73.234.102
                                                                                                                                                                                    No context
                                                                                                                                                                                    No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.56751637724596
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 775'488 bytes
MD5: 5b63b3a5d527ed5259811d2d46ecca58
SHA1: 8382155b7c465dd216ea7f31fa10c7115f93f1c5
SHA256: 17a3259df1b54d390acd9b338e0afd6a3ed926f294e494e07512efdb99bb99fb
SHA512: ff190800a6b7c38c5443f2c4a147b1feb85fff72cdccb954b2c21b89af75fd40e197baffc2b0626056a0e027a7a7353f319c585b58f9ee98ab824fdbaf7271b2
SSDEEP: 12288:GIJQ/s2kiatVPnIpbWiJ621POPAANU/Sc+e1RoKq/T/+Kc5fBzBS0+I4d0Z2cdPQ:7BnIpnJhdQAANeNboz/aKc5fr3l4dzcm
TLSH: 02F4D046BC91D0B3E91628B14D29E7C50C6B6B604F20C4FBBED89D646FB36E18932357
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.............................w............@.......................................@.................................P...(..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x4377d2
Entrypoint Section: .text
                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x67D1BF1F [Wed Mar 12 17:06:39 2025 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                    Import Hash:033c5f85fb620246315503dc218ebc8c
                                                                                                                                                                                    Signature Valid:false
                                                                                                                                                                                    Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                    Error Number:-2146869232
                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                    • 15/12/2020 22:24:20 02/12/2021 22:24:20
                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                    • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                    Version:3
                                                                                                                                                                                    Thumbprint MD5:31F605F0D1D4BA54250DA5C719A8200C
                                                                                                                                                                                    Thumbprint SHA-1:E8C15B4C98AD91E051EE5AF5F524A8729050B2A2
                                                                                                                                                                                    Thumbprint SHA-256:22A3C23E08C7DBB4E7F4591E58C04285C0514C2894E3C418AD157D817D7EDF3C
                                                                                                                                                                                    Serial:33000003DE8D56825AF1A4A9670000000003DE
Instruction (entrypoint 0x4377d2)
Note: the listing is standard MSVC CRT start-up code rather than the sample's own logic. The first two instructions are the usual call __security_init_cookie / jmp __scrt_common_main_seh pair; the routine that follows is __security_init_cookie itself, which seeds the /GS stack cookie (default BB40E64Eh, with the FFFF0000h mask and 4711h fallback) from GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter and a stack address, then stores the cookie and its complement.
call 00007F9BD07BFF9Ah
jmp 00007F9BD07BFE09h
mov ecx, dword ptr [0045F840h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F9BD07BFF96h
test esi, ecx
jne 00007F9BD07BFFB8h
call 00007F9BD07BFFC1h
mov ecx, eax
cmp ecx, edi
jne 00007F9BD07BFF99h
mov ecx, BB40E64Fh
jmp 00007F9BD07BFFA0h
test esi, ecx
jne 00007F9BD07BFF9Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [0045F840h], ecx
not ecx
pop edi
mov dword ptr [0045F880h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [0045C860h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [0045C820h]
xor dword ptr [ebp-04h], eax
call dword ptr [0045C81Ch]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [0045C8A8h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 004614D0h
call dword ptr [0045C880h]
ret
push 00030000h
push 00010000h
push 00000000h
call 00007F9BD07C6AE5h
add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5c650 | 0x28 | .rdata (0x28 = one 20-byte IMAGE_IMPORT_DESCRIPTOR plus the null terminator: a single imported DLL)
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xb9000 | 0x4540 | .bss (the SECURITY entry is a file offset, not an RVA, so the section attribution is meaningless; 0xb9000 + 0x4540 = 0xbd540 = the file size, i.e. the certificate table is the last 17'728 bytes of the file)
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x63000 | 0x276c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x58b28 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x54f98 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5c7c0 | 0x148 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x52cc0 | 0x52e00 | b955d299ddc749adb9e2a9fa46e5dda4 | False | 0.5095947633861236 | data | 6.772334323063753 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x54000 | 0xa124 | 0xa200 | 147c72eee2c66963ee69f82cf3610cb3 | False | 0.4244068287037037 | data | 4.908125312415663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5f000 | 0x2c9c | 0x1600 | eab85ca8d24299491f287a6faf9660e1 | False | 0.4069602272727273 | data | 4.744736283390186 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x62000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x63000 | 0x276c | 0x2800 | ed7d506be2e46b9b1c8fde31ac68b654 | False | 0.7849609375 | data | 6.600494306172883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x66000 | 0x57a00 | 0x57a00 | 931a83c0ae0de195880c34762267afbf | False | 1.0003231990014265 | data | 7.999462039181764 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Note: a genuine .bss holds uninitialised data and has a raw size of 0. Here it is 0x57a00 (358'912) bytes of initialised, writable data at entrop 7.9995 of a possible 8, and zlib makes it larger rather than smaller (ZLIB complexity > 1), i.e. the section is incompressible. That is the profile of an encrypted or packed payload stored in the file, not of program data; it accounts for almost half of the 775'488-byte file.
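The two findings above that decide the triage are the signature block (a Microsoft Code Signing PCA 2010 chain, valid only until 02/12/2021, failing with 0x80096010 / TRUST_E_BAD_DIGEST) and the section table (a writable `.bss` carrying 0x57a00 raw bytes at entropy 7.9995). The script below is an added example, not part of the Joe Sandbox report and not the sample's own code. With the standard library only it walks the PE headers, flags the section-table smells, reads the WIN_CERTIFICATE entries from the SECURITY directory (treating its VirtualAddress as the file offset it is), and computes the Authenticode image digest, so that the borrowed-signature trick can be shown end to end: a certificate table lifted from one binary and appended to another parses as a perfectly good chain, yet its embedded digest can never match the host. The images it runs on are constructed inside the script (a victim laid out like the sample and a donor carrying a placeholder certificate table); the placeholder is not real PKCS#7, so the script stops short of decoding the signed digest from SpcIndirectDataContent. On the real file, `signtool verify /pa /v file.exe` or PowerShell's `Get-AuthenticodeSignature` (Status HashMismatch) gives the same verdict as the report.

```python
import hashlib, math, struct
from collections import Counter

SECURITY = 4                                  # IMAGE_DIRECTORY_ENTRY_SECURITY
def parse_pe(data):
    """Minimal PE32 header walk (PE32+ would shift the directory table by 16 bytes)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, _, _, rsize, rptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "raw_ptr": rptr, "raw_size": rsize, "flags": flags})
    return {"size_of_headers": struct.unpack_from("<I", data, opt + 60)[0], "checksum_off": opt + 64,
            "secdir_off": opt + 96 + 8 * SECURITY, "sections": sections,
            "cert": dirs[SECURITY] if len(dirs) > SECURITY else (0, 0)}   # (FILE OFFSET, size), not an RVA

def shannon_entropy(buf):
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in Counter(buf).values()) if buf else 0.0

def triage_sections(data, threshold=7.2):
    """(section, tag) pairs for the two section-table smells visible in the report."""
    out = []
    for s in parse_pe(data)["sections"]:
        raw = data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        if raw and shannon_entropy(raw) > threshold:
            out.append((s["name"], "high-entropy"))         # compressed or encrypted blob
        if s["name"] == ".bss" and s["raw_size"]:
            out.append((s["name"], "bss-has-raw-data"))     # a genuine BSS has SizeOfRawData == 0
    return out

def parse_cert_table(data):
    """WIN_CERTIFICATE entries; 'blob' is the raw PKCS#7 SignedData, which is not decoded here."""
    off, size = parse_pe(data)["cert"]
    end, entries = off + size, []
    while size and off + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", data, off)    # dwLength, wRevision, wCertificateType
        entries.append({"revision": rev, "type": ctype, "blob": data[off + 8:off + length]})
        off += (length + 7) & ~7                                       # entries are 8-byte aligned
    return entries

def authenticode_hash(data, algo="sha256"):
    """Hash as Authenticode does: headers minus CheckSum and the SECURITY entry, sections in file order, tail minus the cert table."""
    pe = parse_pe(data)
    ck, sd, hdr_end = pe["checksum_off"], pe["secdir_off"], pe["size_of_headers"]
    h = hashlib.new(algo)
    for chunk in (data[:ck], data[ck + 4:sd], data[sd + 8:hdr_end]):
        h.update(chunk)
    hashed = hdr_end
    for s in sorted(pe["sections"], key=lambda s: s["raw_ptr"]):
        h.update(data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
        hashed += s["raw_size"]
    cert_off, cert_len = pe["cert"]
    tail = data[hashed:]
    if cert_len and tail:
        tail = tail[:cert_off - hashed] + tail[cert_off - hashed + cert_len:]
    h.update(tail)
    return h.hexdigest()

def build_pe32(sections, cert_blob=b"", align=0x200):
    """Construct a small PE32 test image (a fixture, not the sample); sections: (name, flags, bytes)."""
    up = lambda n, a=align: -(-n // a) * a
    hdr_len = up(0x40 + 4 + 20 + 224 + 40 * len(sections))       # DOS + "PE\0\0" + COFF + optional + section table
    hdrs, body, ptr, va = [], b"", hdr_len, 0x1000
    for name, flags, raw in sections:
        rsize = up(len(raw))
        hdrs.append(struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(raw), va, rsize, ptr, 0, 0, 0, 0, flags))
        body, ptr, va = body + raw.ljust(rsize, b"\0"), ptr + rsize, va + up(max(len(raw), 1), 0x1000)
    # WIN_CERTIFICATE header: dwLength, wRevision 0x0200, wCertificateType 0x0002 (PKCS_SIGNED_DATA), 8-byte padded
    cert = (struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob).ljust(up(8 + len(cert_blob), 8), b"\0") if cert_blob else b""
    dirs = [(ptr, len(cert)) if i == SECURITY and cert else (0, 0) for i in range(16)]
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6, 0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000,
                      0x2000, 0x400000, 0x1000, align, 6, 0, 0, 0, 6, 0, 0, va, hdr_len, 0, 2, 0x8140,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    return (dos + b"PE\0\0" + coff + opt + b"".join(hdrs)).ljust(hdr_len, b"\0") + body + cert

def graft_certificate(signed, target):
    """Copy signed's certificate table onto target (the borrowed-signature trick seen in the report)."""
    off, size = parse_pe(signed)["cert"]
    out = bytearray(target) + b"\0" * (-len(target) % 8)
    struct.pack_into("<II", out, parse_pe(target)["secdir_off"], len(out), size)
    return bytes(out) + signed[off:off + size]

def make_fixtures():
    """Constructed images: a victim echoing the report's layout (writable '.bss' full of pseudo-random
    bytes) and a donor carrying a placeholder certificate table (the blob is NOT real PKCS#7)."""
    text = b"\x55\x8b\xec\x83\xec\x14\x33\xc0\xc9\xc3" * 200                      # repetitive code bytes
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))    # deterministic 'ciphertext'
    victim = build_pe32([(".text", 0x60000020, text), (".bss", 0xC0000040, blob)])
    donor = build_pe32([(".text", 0x60000020, b"\x90" * 100)], cert_blob=b"placeholder PKCS#7 SignedData")
    return victim, donor
```

Grafting the donor's table onto the victim leaves `authenticode_hash(victim)` unchanged, because the certificate table and its directory entry are excluded from the digest by design, while `parse_cert_table` now returns the donor's entry. The digest a full verifier would read out of that PKCS#7 blob belongs to the donor's image, so verification fails exactly as the report's error code says, even though every certificate in the chain is genuine. The same hash routine is what you would compare against the SpcIndirectDataContent digest once you add an ASN.1 decoder.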
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEndOfFile, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
Note: KERNEL32.dll is the only imported module and the list is CRT and loader plumbing (heap, locale, TLS, critical sections, console I/O). Nothing here accounts for process creation, injection, networking or screenshots, so the APIs the sample actually uses must be resolved at run time through the imported GetModuleHandleW / LoadLibraryExW / GetProcAddress trio; the import hash therefore fingerprints the compiler runtime, not the malware.
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-13T16:56:42.224610+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49682 | 104.21.112.1 | 443 | TCP
2025-03-13T16:56:48.236689+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49685 | 104.21.112.1 | 443 | TCP
2025-03-13T16:56:53.993843+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49688 | 104.21.64.1 | 443 | TCP
2025-03-13T16:56:59.513807+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49693 | 188.114.96.3 | 443 | TCP
2025-03-13T16:57:11.484017+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57954 | 188.114.96.3 | 443 | TCP
2025-03-13T16:57:20.057414+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57961 | 104.21.64.1 | 443 | TCP
2025-03-13T16:57:25.642451+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57965 | 104.21.48.1 | 443 | TCP
2025-03-13T16:57:31.224001+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57968 | 104.21.80.1 | 443 | TCP
2025-03-13T16:57:36.793806+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57971 | 104.21.112.1 | 443 | TCP
2025-03-13T16:57:41.295573+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57975 | 104.73.234.102 | 443 | TCP
2025-03-13T16:57:43.866370+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 57976 | 104.73.234.102 | 443 | TCP
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Mar 13, 2025 16:56:39.275262117 CET  49682        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:39.275312901 CET  443          49682      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:39.275374889 CET  49682        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:39.311341047 CET  49682        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:39.311367989 CET  443          49682      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:42.219521999 CET  443          49682      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:42.224610090 CET  49682        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:42.224989891 CET  49683        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:42.225008965 CET  443          49682      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:42.225047112 CET  443          49683      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:42.225080013 CET  49682        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:42.225143909 CET  49683        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:42.226134062 CET  49683        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:42.226151943 CET  443          49683      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:45.283786058 CET  443          49683      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:45.286295891 CET  49683        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.286449909 CET  443          49683      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:45.286520004 CET  49683        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.286664009 CET  49684        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.286717892 CET  443          49684      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:45.286784887 CET  49684        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.288671017 CET  49684        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.288736105 CET  443          49684      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:45.288789034 CET  49684        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.309005022 CET  49685        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.309042931 CET  443          49685      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:45.309146881 CET  49685        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.309529066 CET  49685        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:45.309542894 CET  443          49685      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:48.236099958 CET  443          49685      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:48.236689091 CET  49685        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:48.236840010 CET  443          49685      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:48.236893892 CET  49685        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:48.237102032 CET  49686        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:48.237150908 CET  443          49686      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:48.237226963 CET  49686        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:48.237615108 CET  49686        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:48.237628937 CET  443          49686      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:50.932477951 CET  443          49686      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:50.932976961 CET  49686        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:50.933087111 CET  443          49686      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:50.933141947 CET  49686        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:50.933512926 CET  49687        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:50.933557987 CET  443          49687      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:50.933634996 CET  49687        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:50.933885098 CET  49687        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:50.933904886 CET  443          49687      104.21.112.1   192.168.2.8
Mar 13, 2025 16:56:50.933947086 CET  49687        443        192.168.2.8    104.21.112.1
Mar 13, 2025 16:56:51.115542889 CET  49688        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:51.115596056 CET  443          49688      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:51.115691900 CET  49688        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:51.116020918 CET  49688        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:51.116036892 CET  443          49688      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:53.993268013 CET  443          49688      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:53.993843079 CET  49688        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:53.993979931 CET  443          49688      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:53.994070053 CET  49688        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:53.994391918 CET  49690        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:53.994441986 CET  443          49690      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:53.994648933 CET  49690        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:53.995115042 CET  49690        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:53.995126963 CET  443          49690      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:56.724438906 CET  443          49690      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:56.727181911 CET  49690        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:56.727334976 CET  443          49690      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:56.727497101 CET  49690        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:56.727674007 CET  49692        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:56.727722883 CET  443          49692      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:56.727788925 CET  49692        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:56.733069897 CET  49692        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:56.733123064 CET  443          49692      104.21.64.1    192.168.2.8
Mar 13, 2025 16:56:56.733175993 CET  49692        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:56:56.751420021 CET  49693        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:56.751471043 CET  443          49693      188.114.96.3   192.168.2.8
Mar 13, 2025 16:56:56.751552105 CET  49693        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:56.752116919 CET  49693        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:56.752130985 CET  443          49693      188.114.96.3   192.168.2.8
Mar 13, 2025 16:56:59.513475895 CET  443          49693      188.114.96.3   192.168.2.8
Mar 13, 2025 16:56:59.513807058 CET  49693        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:59.513936043 CET  443          49693      188.114.96.3   192.168.2.8
Mar 13, 2025 16:56:59.513994932 CET  49693        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:59.514247894 CET  49697        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:59.514292955 CET  443          49697      188.114.96.3   192.168.2.8
Mar 13, 2025 16:56:59.514350891 CET  49697        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:59.514640093 CET  49697        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:56:59.514653921 CET  443          49697      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:00.086872101 CET  57952        53         192.168.2.8    1.1.1.1
Mar 13, 2025 16:57:00.091543913 CET  53           57952      1.1.1.1        192.168.2.8
Mar 13, 2025 16:57:00.091620922 CET  57952        53         192.168.2.8    1.1.1.1
Mar 13, 2025 16:57:00.096363068 CET  53           57952      1.1.1.1        192.168.2.8
Mar 13, 2025 16:57:00.552817106 CET  57952        53         192.168.2.8    1.1.1.1
Mar 13, 2025 16:57:00.562477112 CET  53           57952      1.1.1.1        192.168.2.8
Mar 13, 2025 16:57:00.562536001 CET  57952        53         192.168.2.8    1.1.1.1
Mar 13, 2025 16:57:03.184231997 CET  443          49697      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:03.184784889 CET  49697        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.184921026 CET  443          49697      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:03.185002089 CET  49697        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.185354948 CET  57953        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.185400963 CET  443          57953      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:03.185506105 CET  57953        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.185800076 CET  57953        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.185836077 CET  443          57953      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:03.185900927 CET  57953        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.202498913 CET  57954        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.202538967 CET  443          57954      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:03.202625036 CET  57954        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.203020096 CET  57954        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:03.203033924 CET  443          57954      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:11.483825922 CET  443          57954      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:11.483942032 CET  443          57954      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:11.484016895 CET  57954        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:11.484347105 CET  57954        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:11.484369993 CET  443          57954      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:11.484890938 CET  57958        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:11.484916925 CET  443          57958      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:11.485003948 CET  57958        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:11.485548973 CET  57958        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:11.485563040 CET  443          57958      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:17.313030958 CET  443          57958      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:17.313476086 CET  57958        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:17.313600063 CET  443          57958      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:17.313647985 CET  57958        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:17.313985109 CET  57960        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:17.314018011 CET  443          57960      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:17.314121962 CET  57960        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:17.314690113 CET  57960        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:17.314721107 CET  443          57960      188.114.96.3   192.168.2.8
Mar 13, 2025 16:57:17.314920902 CET  57960        443        192.168.2.8    188.114.96.3
Mar 13, 2025 16:57:17.332000017 CET  57961        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:57:17.332016945 CET  443          57961      104.21.64.1    192.168.2.8
Mar 13, 2025 16:57:17.332118034 CET  57961        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:57:17.332601070 CET  57961        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:57:17.332613945 CET  443          57961      104.21.64.1    192.168.2.8
Mar 13, 2025 16:57:20.056999922 CET  443          57961      104.21.64.1    192.168.2.8
Mar 13, 2025 16:57:20.057414055 CET  57961        443        192.168.2.8    104.21.64.1
Mar 13, 2025 16:57:20.057523966 CET  443          57961      104.21.64.1    192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:20.057598114 CET57961443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:20.057879925 CET57963443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:20.057929993 CET44357963104.21.64.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:20.057998896 CET57963443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:20.058311939 CET57963443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:20.058337927 CET44357963104.21.64.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:22.855689049 CET44357963104.21.64.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856070042 CET57963443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856220961 CET44357963104.21.64.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856276035 CET57963443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856506109 CET57964443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856556892 CET44357964104.21.64.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856637955 CET57964443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856834888 CET57964443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856867075 CET44357964104.21.64.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:22.856911898 CET57964443192.168.2.8104.21.64.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.872471094 CET57965443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.872524023 CET44357965104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:22.872601986 CET57965443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.872984886 CET57965443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:22.872999907 CET44357965104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:25.634687901 CET44357965104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:25.642451048 CET57965443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:25.642626047 CET44357965104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:25.642679930 CET57965443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:25.642959118 CET57966443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:25.643011093 CET44357966104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:25.643083096 CET57966443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:25.643626928 CET57966443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:25.643647909 CET44357966104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:28.406436920 CET44357966104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:28.406934977 CET57966443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.407067060 CET44357966104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:28.407140017 CET57966443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.407461882 CET57967443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.407546997 CET44357967104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:28.407640934 CET57967443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.408015966 CET57967443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.408055067 CET44357967104.21.48.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:28.408114910 CET57967443192.168.2.8104.21.48.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.427853107 CET57968443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.427892923 CET44357968104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:28.427972078 CET57968443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.428347111 CET57968443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:28.428360939 CET44357968104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:31.223542929 CET44357968104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224000931 CET57968443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224121094 CET44357968104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224174023 CET57968443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224406958 CET57969443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224441051 CET44357969104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224515915 CET57969443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224909067 CET57969443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:31.224925995 CET44357969104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:34.099647999 CET44357969104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100239038 CET57969443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100352049 CET44357969104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100410938 CET57969443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100493908 CET57970443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100526094 CET44357970104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100596905 CET57970443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100795984 CET57970443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.100996017 CET44357970104.21.80.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:34.101062059 CET57970443192.168.2.8104.21.80.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.119442940 CET57971443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.119488955 CET44357971104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:34.119576931 CET57971443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.119972944 CET57971443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:34.119987965 CET44357971104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:36.793337107 CET44357971104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:36.793806076 CET57971443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794152021 CET44357971104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794192076 CET57973443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794203997 CET57971443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794224977 CET44357973104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794298887 CET57973443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794617891 CET57973443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:36.794631004 CET44357973104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:39.448837042 CET44357973104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:39.449290991 CET57973443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:39.449383020 CET44357973104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:39.449445009 CET57973443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:39.449739933 CET57974443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:39.449780941 CET44357974104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:39.449881077 CET57974443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:39.450053930 CET57974443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:39.450081110 CET44357974104.21.112.1192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:39.450124025 CET57974443192.168.2.8104.21.112.1
                                                                                                                                                                                    Mar 13, 2025 16:57:39.459810972 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:39.459850073 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:39.459943056 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:39.460326910 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:39.460341930 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:41.295427084 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:41.295572996 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:41.297386885 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:41.297410011 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:41.297755003 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:41.345556974 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:41.461427927 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:41.504332066 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.179794073 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.179824114 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.179857016 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.179877043 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.179907084 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.180049896 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:42.180049896 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:42.180068016 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.180111885 CET57975443192.168.2.8104.73.234.102
                                                                                                                                                                                    Mar 13, 2025 16:57:42.309176922 CET44357975104.73.234.102192.168.2.8
                                                                                                                                                                                    Mar 13, 2025 16:57:42.309237957 CET44357975104.73.234.102192.168.2.8
Mar 13, 2025 16:57:42.309278011 CET | 443 | 57975 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:42.309497118 CET | 57975 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.309497118 CET | 57975 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.314407110 CET | 57975 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.314441919 CET | 443 | 57975 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:42.314461946 CET | 57975 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.314467907 CET | 443 | 57975 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:42.341397047 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.341466904 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:42.341594934 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.341964006 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:42.341979980 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:43.866126060 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:43.866369963 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:43.867805004 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:43.867841005 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:43.868202925 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:43.869509935 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:43.916323900 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.747490883 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.747518063 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.747540951 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.747633934 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.747647047 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.747716904 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.747737885 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.825582981 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.825629950 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.825706005 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.825814009 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.825814009 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.825814009 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.826090097 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.826102018 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Mar 13, 2025 16:57:44.826113939 CET | 57976 | 443 | 192.168.2.8 | 104.73.234.102
Mar 13, 2025 16:57:44.826118946 CET | 443 | 57976 | 104.73.234.102 | 192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 13, 2025 16:56:39.007672071 CET | 63403 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:56:39.264894962 CET | 53 | 63403 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:56:45.290146112 CET | 64842 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:56:45.307801008 CET | 53 | 64842 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:56:50.935081959 CET | 59527 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:56:51.114517927 CET | 53 | 59527 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:56:56.734855890 CET | 51970 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:56:56.750624895 CET | 53 | 51970 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:00.086364985 CET | 53 | 55535 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:03.186969995 CET | 63623 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:57:03.201559067 CET | 53 | 63623 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:17.316735983 CET | 60220 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:57:17.330749035 CET | 53 | 60220 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:22.858203888 CET | 64571 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:57:22.871474981 CET | 53 | 64571 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:28.409265995 CET | 54704 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:57:28.426876068 CET | 53 | 54704 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:34.102025032 CET | 58084 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:57:34.118403912 CET | 53 | 58084 | 1.1.1.1 | 192.168.2.8
Mar 13, 2025 16:57:39.451354027 CET | 49704 | 53 | 192.168.2.8 | 1.1.1.1
Mar 13, 2025 16:57:39.458832979 CET | 53 | 49704 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 13, 2025 16:56:39.007672071 CET | 192.168.2.8 | 1.1.1.1 | 0x3d03 | Standard query (0) | zfurrycomp.top | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.290146112 CET | 192.168.2.8 | 1.1.1.1 | 0x9fb1 | Standard query (0) | crosshairc.life | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:50.935081959 CET | 192.168.2.8 | 1.1.1.1 | 0x4cad | Standard query (0) | mrodularmall.top | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:56.734855890 CET | 192.168.2.8 | 1.1.1.1 | 0x84d7 | Standard query (0) | jowinjoinery.icu | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:03.186969995 CET | 192.168.2.8 | 1.1.1.1 | 0xc842 | Standard query (0) | legenassedk.top | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.316735983 CET | 192.168.2.8 | 1.1.1.1 | 0xc504 | Standard query (0) | htardwarehu.icu | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.858203888 CET | 192.168.2.8 | 1.1.1.1 | 0xc5c6 | Standard query (0) | cjlaspcorne.icu | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.409265995 CET | 192.168.2.8 | 1.1.1.1 | 0x8efb | Standard query (0) | bugildbett.top | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.102025032 CET | 192.168.2.8 | 1.1.1.1 | 0x47a | Standard query (0) | weaponrywo.digital | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:39.451354027 CET | 192.168.2.8 | 1.1.1.1 | 0xb429 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:39.264894962 CET | 1.1.1.1 | 192.168.2.8 | 0x3d03 | No error (0) | zfurrycomp.top |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:45.307801008 CET | 1.1.1.1 | 192.168.2.8 | 0x9fb1 | No error (0) | crosshairc.life |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:51.114517927 CET | 1.1.1.1 | 192.168.2.8 | 0x4cad | No error (0) | mrodularmall.top |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:56.750624895 CET | 1.1.1.1 | 192.168.2.8 | 0x84d7 | No error (0) | jowinjoinery.icu |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:56:56.750624895 CET | 1.1.1.1 | 192.168.2.8 | 0x84d7 | No error (0) | jowinjoinery.icu |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:03.201559067 CET | 1.1.1.1 | 192.168.2.8 | 0xc842 | No error (0) | legenassedk.top |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:03.201559067 CET | 1.1.1.1 | 192.168.2.8 | 0xc842 | No error (0) | legenassedk.top |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:17.330749035 CET | 1.1.1.1 | 192.168.2.8 | 0xc504 | No error (0) | htardwarehu.icu |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:22.871474981 CET | 1.1.1.1 | 192.168.2.8 | 0xc5c6 | No error (0) | cjlaspcorne.icu |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:28.426876068 CET | 1.1.1.1 | 192.168.2.8 | 0x8efb | No error (0) | bugildbett.top |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:34.118403912 CET | 1.1.1.1 | 192.168.2.8 | 0x47a | No error (0) | weaponrywo.digital |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:57:39.458832979 CET | 1.1.1.1 | 192.168.2.8 | 0xb429 | No error (0) | steamcommunity.com |  | 104.73.234.102 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 57954 | 188.114.96.3 | 443 | 6584 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
Mar 13, 2025 16:57:11.483825922 CET | 163 | IN | HTTP/1.0 522 status code 522
content-type: text/plain; charset=utf-8
x-content-type-options: nosniff
date: Thu, 13 Mar 2025 15:57:11 GMT
content-length: 1
Data Raw: 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 57975 | 104.73.234.102 | 443 | 6584 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:57:41 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
Connection: Keep-Alive
Host: steamcommunity.com
2025-03-13 15:57:42 UTC | 1962 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Thu, 13 Mar 2025 15:57:41 GMT
Content-Length: 26244
Connection: close
Set-Cookie: sessionid=7b11a90485460255568d3a0d; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:57:42 UTC | 14422 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:57:42 UTC | 11822 | IN | Data Ascii: yle="display: none;"><div class="popup_body popup_menu"><a class="popup_menu_item tight" href="?l=schinese" onclick="ChangeLanguage( 'schinese' ); return false;"> (Simplified Chinese)</a>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 57976 | 104.73.234.102 | 443 | 6584 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:57:43 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
Connection: Keep-Alive
Host: steamcommunity.com
2025-03-13 15:57:44 UTC | 1962 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Thu, 13 Mar 2025 15:57:44 GMT
Content-Length: 26244
Connection: close
Set-Cookie: sessionid=70588f281b3ca5b19c7b1ee6; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:57:44 UTC | 14422 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:57:44 UTC | 11822 | IN | Data Ascii: yle="display: none;"><div class="popup_body popup_menu"><a class="popup_menu_item tight" href="?l=schinese" onclick="ChangeLanguage( 'schinese' ); return false;"> (Simplified Chinese)</a>


Target ID: 0
Start time: 11:56:37
Start date: 13/03/2025
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0xa20000
File size: 775'488 bytes
MD5 hash: 5B63B3A5D527ED5259811D2D46ECCA58
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 11:56:38
Start date: 13/03/2025
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0xa20000
File size: 775'488 bytes
MD5 hash: 5B63B3A5D527ED5259811D2D46ECCA58
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true
