Freeversion_fifa.exe

Look for unusual outbound traffic to unknown IP addresses, which may indicate a C2 connection [1, 2].

The file uses advanced anti-analysis tricks, including anti-debugging , anti-VM (virtual machine) checks, and indirect syscalls to hide its activity from security software [1, 2]. FREEVERSION_fifa.exe

Pikabot (a modular loader/backdoor similar in behavior to Qakbot) [1]. Look for unusual outbound traffic to unknown IP